Details of VAR-202205-0955

ID

VAR-202205-0955

CVE

CVE-2022-29031

TITLE

Siemens JT2GO and Siemens Teamcenter Visualization Code problem vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202205-3135

DESCRIPTION

A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. Siemens JT2GO and Teamcenter Visualization

Trust: 0.99

sources: NVD: CVE-2022-29031 // VULMON: CVE-2022-29031

AFFECTED PRODUCTS

vendor:	siemens	model:	teamcenter visualization	scope:	lt	version:	14.0.0.1	Trust: 1.0
vendor:	siemens	model:	teamcenter visualization	scope:	gte	version:	13.3	Trust: 1.0
vendor:	siemens	model:	teamcenter visualization	scope:	gte	version:	14.0	Trust: 1.0
vendor:	siemens	model:	jt2go	scope:	lt	version:	13.3.0.3	Trust: 1.0
vendor:	siemens	model:	teamcenter visualization	scope:	lt	version:	13.3.0.3	Trust: 1.0

sources: NVD: CVE-2022-29031

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2022-29031
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-202205-3135
value:	MEDIUM
Trust: 0.6

NVD:
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	TRUE
version:	2.0
Trust: 1.0

NVD:
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: NVD: CVE-2022-29031 // CNNVD: CNNVD-202205-3135

PROBLEMTYPE DATA

problemtype:

CWE-476

Trust: 1.0

sources: NVD: CVE-2022-29031

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202205-3135

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202205-3135

CONFIGURATIONS

sources: NVD: CVE-2022-29031

PATCH

title:

Siemens JT2GO and Siemens Teamcenter Visualization Fixes for code issue vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=194235

Trust: 0.6

sources: CNNVD: CNNVD-202205-3135

EXTERNAL IDS

db:	NVD	id:	CVE-2022-29031	Trust: 1.7
db:	SIEMENS	id:	SSA-553086	Trust: 1.6
db:	ICS CERT	id:	ICSA-22-132-09	Trust: 0.7
db:	CS-HELP	id:	SB2022051211	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.2350	Trust: 0.6
db:	CNNVD	id:	CNNVD-202205-3135	Trust: 0.6
db:	VULMON	id:	CVE-2022-29031	Trust: 0.1

sources: VULMON: CVE-2022-29031 // NVD: CVE-2022-29031 // CNNVD: CNNVD-202205-3135

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf	Trust: 1.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-22-132-09	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-29031/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.2350	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022051211	Trust: 0.6
url:	https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-09	Trust: 0.1

sources: VULMON: CVE-2022-29031 // NVD: CVE-2022-29031 // CNNVD: CNNVD-202205-3135

CREDITS

reported these vulnerabilities to CISA., of ADLab of Venustech,Jin Huang

Trust: 0.6

sources: CNNVD: CNNVD-202205-3135

SOURCES

db:	VULMON	id:	CVE-2022-29031
db:	NVD	id:	CVE-2022-29031
db:	CNNVD	id:	CNNVD-202205-3135

LAST UPDATE DATE

2023-12-18T11:56:05.436000+00:00

SOURCES UPDATE DATE

db:	NVD	id:	CVE-2022-29031	date:	2022-05-26T22:53:12.673
db:	CNNVD	id:	CNNVD-202205-3135	date:	2022-05-30T00:00:00

SOURCES RELEASE DATE

db:	NVD	id:	CVE-2022-29031	date:	2022-05-20T13:15:15.697
db:	CNNVD	id:	CNNVD-202205-3135	date:	2022-05-12T00:00:00