ID

VAR-202205-0953


CVE

CVE-2022-29029


TITLE

Siemens JT2GO and Siemens Teamcenter Visualization Code problem vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202205-3139

DESCRIPTION

A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. Siemens JT2GO and Teamcenter Visualization

Trust: 0.99

sources: NVD: CVE-2022-29029 // VULMON: CVE-2022-29029

AFFECTED PRODUCTS

vendor:siemensmodel:teamcenter visualizationscope:ltversion:14.0.0.1

Trust: 1.0

vendor:siemensmodel:teamcenter visualizationscope:gteversion:13.3

Trust: 1.0

vendor:siemensmodel:teamcenter visualizationscope:gteversion:14.0

Trust: 1.0

vendor:siemensmodel:jt2goscope:ltversion:13.3.0.3

Trust: 1.0

vendor:siemensmodel:teamcenter visualizationscope:ltversion:13.3.0.3

Trust: 1.0

sources: NVD: CVE-2022-29029

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2022-29029
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202205-3139
value: MEDIUM

Trust: 0.6

NVD:
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: TRUE
version: 2.0

Trust: 1.0

NVD:
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: NVD: CVE-2022-29029 // CNNVD: CNNVD-202205-3139

PROBLEMTYPE DATA

problemtype:CWE-476

Trust: 1.0

sources: NVD: CVE-2022-29029

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202205-3139

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202205-3139

CONFIGURATIONS

sources: NVD: CVE-2022-29029

PATCH

title:Siemens JT2GO and Siemens Teamcenter Visualization Fixes for code issue vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=194239

Trust: 0.6

sources: CNNVD: CNNVD-202205-3139

EXTERNAL IDS

db:NVDid:CVE-2022-29029

Trust: 1.7

db:SIEMENSid:SSA-553086

Trust: 1.6

db:ICS CERTid:ICSA-22-132-09

Trust: 0.7

db:CS-HELPid:SB2022051211

Trust: 0.6

db:AUSCERTid:ESB-2022.2350

Trust: 0.6

db:CNNVDid:CNNVD-202205-3139

Trust: 0.6

db:VULMONid:CVE-2022-29029

Trust: 0.1

sources: VULMON: CVE-2022-29029 // NVD: CVE-2022-29029 // CNNVD: CNNVD-202205-3139

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf

Trust: 1.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-22-132-09

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.2350

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022051211

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-29029/

Trust: 0.6

url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-09

Trust: 0.1

sources: VULMON: CVE-2022-29029 // NVD: CVE-2022-29029 // CNNVD: CNNVD-202205-3139

CREDITS

reported these vulnerabilities to CISA., of ADLab of Venustech,Jin Huang

Trust: 0.6

sources: CNNVD: CNNVD-202205-3139

SOURCES

db:VULMONid:CVE-2022-29029
db:NVDid:CVE-2022-29029
db:CNNVDid:CNNVD-202205-3139

LAST UPDATE DATE

2023-12-18T11:56:05.364000+00:00


SOURCES UPDATE DATE

db:NVDid:CVE-2022-29029date:2022-05-26T22:59:29.667
db:CNNVDid:CNNVD-202205-3139date:2022-05-30T00:00:00

SOURCES RELEASE DATE

db:NVDid:CVE-2022-29029date:2022-05-20T13:15:15.600
db:CNNVDid:CNNVD-202205-3139date:2022-05-12T00:00:00