Sign-up

ID

VAR-202212-1172


CVE

CVE-2022-41287


TITLE

Siemens'  JT2Go  and  Teamcenter Visualization  Division by zero vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-023182

DESCRIPTION

A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains divide by zero vulnerability when parsing a CGM file. An attacker could leverage this vulnerability to crash the application causing denial of service condition. Siemens' JT2Go and Teamcenter Visualization Is vulnerable to division by zero.Service operation interruption (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2022-41287 // JVNDB: JVNDB-2022-023182

AFFECTED PRODUCTS

vendor:siemensmodel:teamcenter visualizationscope:gteversion:13.2.0

Trust: 1.0

vendor:siemensmodel:teamcenter visualizationscope:gteversion:13.3.0

Trust: 1.0

vendor:siemensmodel:teamcenter visualizationscope:gteversion:14.1

Trust: 1.0

vendor:siemensmodel:teamcenter visualizationscope:ltversion:14.0.0.4

Trust: 1.0

vendor:siemensmodel:teamcenter visualizationscope:ltversion:13.3.0.8

Trust: 1.0

vendor:siemensmodel:jt2goscope:ltversion:14.1.0.6

Trust: 1.0

vendor:siemensmodel:teamcenter visualizationscope:gteversion:14.0

Trust: 1.0

vendor:siemensmodel:teamcenter visualizationscope:ltversion:13.2.0.12

Trust: 1.0

vendor:siemensmodel:teamcenter visualizationscope:ltversion:14.1.0.6

Trust: 1.0

vendor:シーメンスmodel:teamcenter visualizationscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:jt2goscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-023182 // NVD: CVE-2022-41287

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com: CVE-2022-41287
value: LOW

Trust: 1.0

NVD: CVE-2022-41287
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2022-023182
value: LOW

Trust: 0.8

CNNVD: CNNVD-202212-3102
value: LOW

Trust: 0.6

productcert@siemens.com:
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD:
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

OTHER: JVNDB-2022-023182
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-023182 // CNNVD: CNNVD-202212-3102 // NVD: CVE-2022-41287 // NVD: CVE-2022-41287

PROBLEMTYPE DATA

problemtype:CWE-369

Trust: 1.0

problemtype:Division by zero (CWE-369) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-023182 // NVD: CVE-2022-41287

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202212-3102

TYPE

digital error

Trust: 0.6

sources: CNNVD: CNNVD-202212-3102

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2022-41287

PATCH
title:Siemens part of the product Fixes for digital error vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqbyid.tag?id=228953
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202212-3102

EXTERNAL IDS
db:NVDid:CVE-2022-41287
Trust: 3.2
db:SIEMENSid:SSA-700053
Trust: 2.4
db:ICS CERTid:ICSA-22-349-20
Trust: 0.8
db:JVNid:JVNVU91561630
Trust: 0.8
db:JVNDBid:JVNDB-2022-023182
Trust: 0.8
db:CNNVDid:CNNVD-202212-3102
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2022-023182 // 
            
            
            
            CNNVD: CNNVD-202212-3102 // 
            
            
            
            NVD: CVE-2022-41287

REFERENCES
url:https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf
Trust: 2.4
url:https://jvn.jp/vu/jvnvu91561630/
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2022-41287
Trust: 0.8
url:https://www.cisa.gov/news-events/ics-advisories/icsa-22-349-20
Trust: 0.8
url:https://cxsecurity.com/cveshow/cve-2022-41287/
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2022-023182 // 
            
            
            
            CNNVD: CNNVD-202212-3102 // 
            
            
            
            NVD: CVE-2022-41287

SOURCES
db:JVNDBid:JVNDB-2022-023182
db:CNNVDid:CNNVD-202212-3102
db:NVDid:CVE-2022-41287

LAST UPDATE DATE
2024-02-02T20:09:59.020000+00:00

SOURCES UPDATE DATE
db:JVNDBid:JVNDB-2022-023182date:2023-11-28T02:16:00
db:CNNVDid:CNNVD-202212-3102date:2023-04-12T00:00:00
db:NVDid:CVE-2022-41287date:2024-02-01T16:05:14.573

SOURCES RELEASE DATE
db:JVNDBid:JVNDB-2022-023182date:2023-11-28T00:00:00
db:CNNVDid:CNNVD-202212-3102date:2022-12-13T00:00:00
db:NVDid:CVE-2022-41287date:2022-12-13T16:15:23.060