ID

VAR-202205-0954


CVE

CVE-2022-29030


TITLE

Siemens JT2GO and Siemens Teamcenter Visualization Input validation error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202205-3136

DESCRIPTION

A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The Mono_Loader.dll library is vulnerable to an integer overflow condition while parsing specially crafted TG4 files. An attacker could leverage this vulnerability to crash the application, causing a denial of service condition. Siemens JT2GO and Teamcenter Visualization

Trust: 0.99

sources: NVD: CVE-2022-29030 // VULMON: CVE-2022-29030

AFFECTED PRODUCTS

vendor: siemens, model: teamcenter visualization, scope: lt, version: 14.0.0.1

Trust: 1.0

vendor: siemens, model: teamcenter visualization, scope: gte, version: 13.3

Trust: 1.0

vendor: siemens, model: teamcenter visualization, scope: gte, version: 14.0

Trust: 1.0

vendor: siemens, model: jt2go, scope: lt, version: 13.3.0.3

Trust: 1.0

vendor: siemens, model: teamcenter visualization, scope: lt, version: 13.3.0.3

Trust: 1.0

sources: NVD: CVE-2022-29030

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2022-29030
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202205-3136
value: MEDIUM

Trust: 0.6

NVD:
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: TRUE
version: 2.0

Trust: 1.0

NVD:
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: NVD: CVE-2022-29030 // CNNVD: CNNVD-202205-3136

PROBLEMTYPE DATA

problemtype: CWE-190

Trust: 1.0

sources: NVD: CVE-2022-29030

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202205-3136

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202205-3136

CONFIGURATIONS

sources: NVD: CVE-2022-29030

PATCH

title: Siemens JT2GO and Siemens Teamcenter Visualization Enter the fix for the verification error vulnerability
url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=194236

Trust: 0.6

sources: CNNVD: CNNVD-202205-3136

EXTERNAL IDS

db: NVD, id: CVE-2022-29030

Trust: 1.7

db: SIEMENS, id: SSA-553086

Trust: 1.6

db: ICS CERT, id: ICSA-22-132-09

Trust: 0.7

db: CS-HELP, id: SB2022051211

Trust: 0.6

db: AUSCERT, id: ESB-2022.2350

Trust: 0.6

db: CNNVD, id: CNNVD-202205-3136

Trust: 0.6

db: VULMON, id: CVE-2022-29030

Trust: 0.1

sources: VULMON: CVE-2022-29030 // NVD: CVE-2022-29030 // CNNVD: CNNVD-202205-3136

REFERENCES

url: https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf

Trust: 1.6

url: https://us-cert.cisa.gov/ics/advisories/icsa-22-132-09

Trust: 0.6

url: https://cxsecurity.com/cveshow/cve-2022-29030/

Trust: 0.6

url: https://www.auscert.org.au/bulletins/esb-2022.2350

Trust: 0.6

url: https://www.cybersecurity-help.cz/vdb/sb2022051211

Trust: 0.6

url: https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-09

Trust: 0.1

sources: VULMON: CVE-2022-29030 // NVD: CVE-2022-29030 // CNNVD: CNNVD-202205-3136

CREDITS

Jin Huang of ADLab of Venustech reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202205-3136

SOURCES

db: VULMON, id: CVE-2022-29030
db: NVD, id: CVE-2022-29030
db: CNNVD, id: CNNVD-202205-3136

LAST UPDATE DATE

2023-12-18T11:56:05.400000+00:00


SOURCES UPDATE DATE

db: NVD, id: CVE-2022-29030, date: 2022-05-26T22:56:55.667
db: CNNVD, id: CNNVD-202205-3136, date: 2022-05-30T00:00:00

SOURCES RELEASE DATE

db: NVD, id: CVE-2022-29030, date: 2022-05-20T13:15:15.647
db: CNNVD, id: CNNVD-202205-3136, date: 2022-05-12T00:00:00