ID

VAR-202205-0952


CVE

CVE-2022-29028


TITLE

Siemens JT2GO and Siemens Teamcenter Visualization Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202205-3138

DESCRIPTION

A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The Tiff_Loader.dll is vulnerable to an infinite loop condition while parsing specially crafted TIFF files. An attacker could leverage this vulnerability to crash the application, causing a denial of service condition. Siemens JT2GO and Teamcenter Visualization

Trust: 0.99

sources: NVD: CVE-2022-29028 // VULMON: CVE-2022-29028

AFFECTED PRODUCTS

vendor: siemens, model: teamcenter visualization, scope: lt, version: 14.0.0.1

Trust: 1.0

vendor: siemens, model: teamcenter visualization, scope: gte, version: 13.3

Trust: 1.0

vendor: siemens, model: teamcenter visualization, scope: gte, version: 14.0

Trust: 1.0

vendor: siemens, model: jt2go, scope: lt, version: 13.3.0.3

Trust: 1.0

vendor: siemens, model: teamcenter visualization, scope: lt, version: 13.3.0.3

Trust: 1.0

sources: NVD: CVE-2022-29028

CVSS

SEVERITY

NVD: CVE-2022-29028
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202205-3138
value: MEDIUM

Trust: 0.6

CVSSV2

NVD:
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: TRUE
version: 2.0

Trust: 1.0

CVSSV3

NVD:
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: NVD: CVE-2022-29028 // CNNVD: CNNVD-202205-3138

PROBLEMTYPE DATA

problemtype: CWE-835

Trust: 1.0

sources: NVD: CVE-2022-29028

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202205-3138

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202205-3138

CONFIGURATIONS

sources: NVD: CVE-2022-29028

PATCH

title: Siemens JT2GO and Siemens Teamcenter Visualization Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=194238

Trust: 0.6

sources: CNNVD: CNNVD-202205-3138

EXTERNAL IDS

db: NVD, id: CVE-2022-29028

Trust: 1.7

db: SIEMENS, id: SSA-553086

Trust: 1.6

db: ICS CERT, id: ICSA-22-132-09

Trust: 0.7

db: CS-HELP, id: SB2022051211

Trust: 0.6

db: AUSCERT, id: ESB-2022.2350

Trust: 0.6

db: CNNVD, id: CNNVD-202205-3138

Trust: 0.6

db: VULMON, id: CVE-2022-29028

Trust: 0.1

sources: VULMON: CVE-2022-29028 // NVD: CVE-2022-29028 // CNNVD: CNNVD-202205-3138

REFERENCES

url: https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf

Trust: 1.6

url: https://us-cert.cisa.gov/ics/advisories/icsa-22-132-09

Trust: 0.6

url: https://www.auscert.org.au/bulletins/esb-2022.2350

Trust: 0.6

url: https://www.cybersecurity-help.cz/vdb/sb2022051211

Trust: 0.6

url: https://cxsecurity.com/cveshow/cve-2022-29028/

Trust: 0.6

url: https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-09

Trust: 0.1

sources: VULMON: CVE-2022-29028 // NVD: CVE-2022-29028 // CNNVD: CNNVD-202205-3138

CREDITS

Jin Huang of ADLab of Venustech reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202205-3138

SOURCES

db: VULMON, id: CVE-2022-29028
db: NVD, id: CVE-2022-29028
db: CNNVD, id: CNNVD-202205-3138

LAST UPDATE DATE

2023-12-18T11:56:05.528000+00:00


SOURCES UPDATE DATE

db: NVD, id: CVE-2022-29028, date: 2022-05-26T16:19:56.143
db: CNNVD, id: CNNVD-202205-3138, date: 2022-05-30T00:00:00

SOURCES RELEASE DATE

db: NVD, id: CVE-2022-29028, date: 2022-05-20T13:15:15.550
db: CNNVD, id: CNNVD-202205-3138, date: 2022-05-12T00:00:00