Details of VAR-202212-1167

ID

VAR-202212-1167

CVE

CVE-2022-41278

TITLE

Siemens' JT2Go and Teamcenter Visualization In NULL Pointer dereference vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2022-023194

DESCRIPTION

A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. Siemens' JT2Go and Teamcenter Visualization for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2022-41278 // JVNDB: JVNDB-2022-023194

AFFECTED PRODUCTS

vendor:	siemens	model:	teamcenter visualization	scope:	gte	version:	13.2.0	Trust: 1.0
vendor:	siemens	model:	teamcenter visualization	scope:	gte	version:	13.3.0	Trust: 1.0
vendor:	siemens	model:	teamcenter visualization	scope:	gte	version:	14.1	Trust: 1.0
vendor:	siemens	model:	teamcenter visualization	scope:	lt	version:	14.0.0.4	Trust: 1.0
vendor:	siemens	model:	teamcenter visualization	scope:	lt	version:	13.3.0.8	Trust: 1.0
vendor:	siemens	model:	jt2go	scope:	lt	version:	14.1.0.6	Trust: 1.0
vendor:	siemens	model:	teamcenter visualization	scope:	gte	version:	14.0	Trust: 1.0
vendor:	siemens	model:	teamcenter visualization	scope:	lt	version:	13.2.0.12	Trust: 1.0
vendor:	siemens	model:	teamcenter visualization	scope:	lt	version:	14.1.0.6	Trust: 1.0
vendor:	シーメンス	model:	teamcenter visualization	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	jt2go	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-023194 // NVD: CVE-2022-41278

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com:	CVE-2022-41278
value:	LOW
Trust: 1.0
NVD:	CVE-2022-41278
value:	MEDIUM
Trust: 1.0
OTHER:	JVNDB-2022-023194
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-202212-3114
value:	LOW
Trust: 0.6

productcert@siemens.com:
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	1.8
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2022-023194
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-023194 // CNNVD: CNNVD-202212-3114 // NVD: CVE-2022-41278 // NVD: CVE-2022-41278

PROBLEMTYPE DATA

problemtype:	CWE-476	Trust: 1.0
problemtype:	NULL Pointer dereference (CWE-476) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-023194 // NVD: CVE-2022-41278

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202212-3114

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202212-3114

CONFIGURATIONS

sources: NVD: CVE-2022-41278

PATCH

title:

Siemens part of the product Fixes for code issue vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqbyid.tag?id=228957

Trust: 0.6

sources: CNNVD: CNNVD-202212-3114

EXTERNAL IDS

db:	NVD	id:	CVE-2022-41278	Trust: 3.2
db:	SIEMENS	id:	SSA-700053	Trust: 2.4
db:	ICS CERT	id:	ICSA-22-349-20	Trust: 0.8
db:	JVN	id:	JVNVU91561630	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-023194	Trust: 0.8
db:	CNNVD	id:	CNNVD-202212-3114	Trust: 0.6

sources: JVNDB: JVNDB-2022-023194 // CNNVD: CNNVD-202212-3114 // NVD: CVE-2022-41278

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf	Trust: 2.4
url:	https://jvn.jp/vu/jvnvu91561630/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-41278	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-22-349-20	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-41278/	Trust: 0.6

sources: JVNDB: JVNDB-2022-023194 // CNNVD: CNNVD-202212-3114 // NVD: CVE-2022-41278

SOURCES

db:	JVNDB	id:	JVNDB-2022-023194
db:	CNNVD	id:	CNNVD-202212-3114
db:	NVD	id:	CVE-2022-41278

LAST UPDATE DATE

2024-02-02T20:39:59.106000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2022-023194	date:	2023-11-28T02:23:00
db:	CNNVD	id:	CNNVD-202212-3114	date:	2023-04-12T00:00:00
db:	NVD	id:	CVE-2022-41278	date:	2024-02-01T15:53:27.107

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2022-023194	date:	2023-11-28T00:00:00
db:	CNNVD	id:	CNNVD-202212-3114	date:	2022-12-13T00:00:00
db:	NVD	id:	CVE-2022-41278	date:	2022-12-13T16:15:22.100