ID

VAR-202212-1170


CVE

CVE-2022-41280


TITLE

Siemens'  JT2Go  and  Teamcenter Visualization  In  NULL  Pointer dereference vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2022-023192

DESCRIPTION

A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. Siemens' JT2Go and Teamcenter Visualization for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2022-41280 // JVNDB: JVNDB-2022-023192

AFFECTED PRODUCTS

vendor:siemensmodel:teamcenter visualizationscope:ltversion:13.2.0.12

Trust: 1.0

vendor:siemensmodel:teamcenter visualizationscope:ltversion:14.1.0.6

Trust: 1.0

vendor:siemensmodel:teamcenter visualizationscope:gteversion:13.2.0

Trust: 1.0

vendor:siemensmodel:teamcenter visualizationscope:ltversion:13.3.0.8

Trust: 1.0

vendor:siemensmodel:teamcenter visualizationscope:gteversion:14.1

Trust: 1.0

vendor:siemensmodel:jt2goscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:teamcenter visualizationscope:gteversion:14.0

Trust: 1.0

vendor:siemensmodel:teamcenter visualizationscope:gteversion:13.3.0

Trust: 1.0

vendor:siemensmodel:teamcenter visualizationscope:ltversion:14.0.0.4

Trust: 1.0

vendor:シーメンスmodel:teamcenter visualizationscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:jt2goscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-023192 // NVD: CVE-2022-41280

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com: CVE-2022-41280
value: LOW

Trust: 1.0

NVD: CVE-2022-41280
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2022-023192
value: LOW

Trust: 0.8

CNNVD: CNNVD-202212-3112
value: LOW

Trust: 0.6

productcert@siemens.com:
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD:
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

OTHER: JVNDB-2022-023192
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-023192 // NVD: CVE-2022-41280 // NVD: CVE-2022-41280 // CNNVD: CNNVD-202212-3112

PROBLEMTYPE DATA

problemtype:CWE-476

Trust: 1.0

problemtype:NULL Pointer dereference (CWE-476) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-023192 // NVD: CVE-2022-41280

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202212-3112

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202212-3112

CONFIGURATIONS

sources: NVD: CVE-2022-41280

PATCH

title:Siemens part of the product Fixes for code issue vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqbyid.tag?id=228955

Trust: 0.6

sources: CNNVD: CNNVD-202212-3112

EXTERNAL IDS

db:NVDid:CVE-2022-41280

Trust: 3.2

db:SIEMENSid:SSA-700053

Trust: 2.4

db:ICS CERTid:ICSA-22-349-20

Trust: 0.8

db:JVNid:JVNVU91561630

Trust: 0.8

db:JVNDBid:JVNDB-2022-023192

Trust: 0.8

db:CNNVDid:CNNVD-202212-3112

Trust: 0.6

sources: JVNDB: JVNDB-2022-023192 // NVD: CVE-2022-41280 // CNNVD: CNNVD-202212-3112

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf

Trust: 2.4

url:https://jvn.jp/vu/jvnvu91561630/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-41280

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-22-349-20

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-41280/

Trust: 0.6

sources: JVNDB: JVNDB-2022-023192 // NVD: CVE-2022-41280 // CNNVD: CNNVD-202212-3112

SOURCES

db:JVNDBid:JVNDB-2022-023192
db:NVDid:CVE-2022-41280
db:CNNVDid:CNNVD-202212-3112

LAST UPDATE DATE

2023-12-18T10:47:06.100000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2022-023192date:2023-11-28T02:22:00
db:NVDid:CVE-2022-41280date:2023-04-11T10:15:16.757
db:CNNVDid:CNNVD-202212-3112date:2023-04-12T00:00:00

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2022-023192date:2023-11-28T00:00:00
db:NVDid:CVE-2022-41280date:2022-12-13T16:15:22.290
db:CNNVDid:CNNVD-202212-3112date:2022-12-13T00:00:00