Details of VAR-202212-1165

ID

VAR-202212-1165

CVE

CVE-2022-41286

TITLE

Siemens' JT2Go and Teamcenter Visualization Out-of-bounds read vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-023184

DESCRIPTION

A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds write vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process. Siemens' JT2Go and Teamcenter Visualization Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2022-41286 // JVNDB: JVNDB-2022-023184

AFFECTED PRODUCTS

vendor:	siemens	model:	teamcenter visualization	scope:	lt	version:	13.2.0.12	Trust: 1.0
vendor:	siemens	model:	teamcenter visualization	scope:	lt	version:	14.1.0.6	Trust: 1.0
vendor:	siemens	model:	teamcenter visualization	scope:	gte	version:	13.2.0	Trust: 1.0
vendor:	siemens	model:	teamcenter visualization	scope:	lt	version:	13.3.0.8	Trust: 1.0
vendor:	siemens	model:	teamcenter visualization	scope:	gte	version:	14.1	Trust: 1.0
vendor:	siemens	model:	jt2go	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	teamcenter visualization	scope:	gte	version:	14.0	Trust: 1.0
vendor:	siemens	model:	teamcenter visualization	scope:	gte	version:	13.3.0	Trust: 1.0
vendor:	siemens	model:	teamcenter visualization	scope:	lt	version:	14.0.0.4	Trust: 1.0
vendor:	シーメンス	model:	teamcenter visualization	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	jt2go	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-023184 // NVD: CVE-2022-41286

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com:	CVE-2022-41286
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-41286
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2022-023184
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202212-3104
value:	HIGH
Trust: 0.6

productcert@siemens.com:
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2022-023184
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-023184 // NVD: CVE-2022-41286 // NVD: CVE-2022-41286 // CNNVD: CNNVD-202212-3104

PROBLEMTYPE DATA

problemtype:	CWE-125	Trust: 1.0
problemtype:	Out-of-bounds read (CWE-125) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-023184 // NVD: CVE-2022-41286

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202212-3104

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202212-3104

CONFIGURATIONS

sources: NVD: CVE-2022-41286

PATCH

title:

Siemens part of the product Buffer error vulnerability fix

url:

http://123.124.177.30/web/xxk/bdxqbyid.tag?id=217843

Trust: 0.6

sources: CNNVD: CNNVD-202212-3104

EXTERNAL IDS

db:	NVD	id:	CVE-2022-41286	Trust: 3.2
db:	SIEMENS	id:	SSA-700053	Trust: 2.4
db:	ICS CERT	id:	ICSA-22-349-20	Trust: 0.8
db:	JVN	id:	JVNVU91561630	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-023184	Trust: 0.8
db:	CNNVD	id:	CNNVD-202212-3104	Trust: 0.6

sources: JVNDB: JVNDB-2022-023184 // NVD: CVE-2022-41286 // CNNVD: CNNVD-202212-3104

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf	Trust: 2.4
url:	https://jvn.jp/vu/jvnvu91561630/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-41286	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-22-349-20	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-41286/	Trust: 0.6

sources: JVNDB: JVNDB-2022-023184 // NVD: CVE-2022-41286 // CNNVD: CNNVD-202212-3104

SOURCES

db:	JVNDB	id:	JVNDB-2022-023184
db:	NVD	id:	CVE-2022-41286
db:	CNNVD	id:	CNNVD-202212-3104

LAST UPDATE DATE

2023-12-18T11:19:48.623000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2022-023184	date:	2023-11-28T02:17:00
db:	NVD	id:	CVE-2022-41286	date:	2023-04-11T10:15:17.183
db:	CNNVD	id:	CNNVD-202212-3104	date:	2023-04-12T00:00:00

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2022-023184	date:	2023-11-28T00:00:00
db:	NVD	id:	CVE-2022-41286	date:	2022-12-13T16:15:22.973
db:	CNNVD	id:	CNNVD-202212-3104	date:	2022-12-13T00:00:00