Details of VAR-202212-1173

ID

VAR-202212-1173

CVE

CVE-2022-41281

TITLE

Siemens' JT2Go and Teamcenter Visualization Out-of-bounds read vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-023190

DESCRIPTION

A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process. Siemens' JT2Go and Teamcenter Visualization Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2022-41281 // JVNDB: JVNDB-2022-023190

AFFECTED PRODUCTS

vendor:	siemens	model:	teamcenter visualization	scope:	lt	version:	13.2.0.12	Trust: 1.0
vendor:	siemens	model:	teamcenter visualization	scope:	lt	version:	14.1.0.6	Trust: 1.0
vendor:	siemens	model:	teamcenter visualization	scope:	gte	version:	13.2.0	Trust: 1.0
vendor:	siemens	model:	teamcenter visualization	scope:	lt	version:	13.3.0.8	Trust: 1.0
vendor:	siemens	model:	teamcenter visualization	scope:	gte	version:	14.1	Trust: 1.0
vendor:	siemens	model:	jt2go	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	teamcenter visualization	scope:	gte	version:	14.0	Trust: 1.0
vendor:	siemens	model:	teamcenter visualization	scope:	gte	version:	13.3.0	Trust: 1.0
vendor:	siemens	model:	teamcenter visualization	scope:	lt	version:	14.0.0.4	Trust: 1.0
vendor:	シーメンス	model:	teamcenter visualization	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	jt2go	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-023190 // NVD: CVE-2022-41281

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com:	CVE-2022-41281
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-41281
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2022-023190
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202212-3111
value:	HIGH
Trust: 0.6

productcert@siemens.com:
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2022-023190
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-023190 // NVD: CVE-2022-41281 // NVD: CVE-2022-41281 // CNNVD: CNNVD-202212-3111

PROBLEMTYPE DATA

problemtype:	CWE-125	Trust: 1.0
problemtype:	Out-of-bounds read (CWE-125) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-023190 // NVD: CVE-2022-41281

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202212-3111

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202212-3111

CONFIGURATIONS

sources: NVD: CVE-2022-41281

PATCH

title:

Siemens part of the product Buffer error vulnerability fix

url:

http://123.124.177.30/web/xxk/bdxqbyid.tag?id=217849

Trust: 0.6

sources: CNNVD: CNNVD-202212-3111

EXTERNAL IDS

db:	NVD	id:	CVE-2022-41281	Trust: 3.2
db:	SIEMENS	id:	SSA-700053	Trust: 2.4
db:	ICS CERT	id:	ICSA-22-349-20	Trust: 0.8
db:	JVN	id:	JVNVU91561630	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-023190	Trust: 0.8
db:	CNNVD	id:	CNNVD-202212-3111	Trust: 0.6

sources: JVNDB: JVNDB-2022-023190 // NVD: CVE-2022-41281 // CNNVD: CNNVD-202212-3111

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf	Trust: 2.4
url:	https://jvn.jp/vu/jvnvu91561630/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-41281	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-22-349-20	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-41281/	Trust: 0.6

sources: JVNDB: JVNDB-2022-023190 // NVD: CVE-2022-41281 // CNNVD: CNNVD-202212-3111

SOURCES

db:	JVNDB	id:	JVNDB-2022-023190
db:	NVD	id:	CVE-2022-41281
db:	CNNVD	id:	CNNVD-202212-3111

LAST UPDATE DATE

2023-12-18T10:58:52.389000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2022-023190	date:	2023-11-28T02:21:00
db:	NVD	id:	CVE-2022-41281	date:	2023-04-11T10:15:16.827
db:	CNNVD	id:	CNNVD-202212-3111	date:	2023-04-12T00:00:00

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2022-023190	date:	2023-11-28T00:00:00
db:	NVD	id:	CVE-2022-41281	date:	2022-12-13T16:15:22.383
db:	CNNVD	id:	CNNVD-202212-3111	date:	2022-12-13T00:00:00