Details of VAR-202306-0898

ID

VAR-202306-0898

CVE

CVE-2023-33123

TITLE

Siemens' JT2Go and Teamcenter Visualization Out-of-bounds read vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2023-008588

DESCRIPTION

A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process. Siemens' JT2Go and Teamcenter Visualization Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2023-33123 // JVNDB: JVNDB-2023-008588 // VULMON: CVE-2023-33123

AFFECTED PRODUCTS

vendor:	siemens	model:	teamcenter visualization	scope:	lt	version:	14.2.0.3	Trust: 1.0
vendor:	siemens	model:	teamcenter visualization	scope:	gte	version:	13.2.0	Trust: 1.0
vendor:	siemens	model:	teamcenter visualization	scope:	gte	version:	13.3.0	Trust: 1.0
vendor:	siemens	model:	teamcenter visualization	scope:	gte	version:	14.1	Trust: 1.0
vendor:	siemens	model:	teamcenter visualization	scope:	lt	version:	13.3.0.10	Trust: 1.0
vendor:	siemens	model:	jt2go	scope:	lt	version:	14.2.0.3	Trust: 1.0
vendor:	siemens	model:	teamcenter visualization	scope:	gte	version:	14.2	Trust: 1.0
vendor:	siemens	model:	teamcenter visualization	scope:	lt	version:	13.2.0.13	Trust: 1.0
vendor:	siemens	model:	teamcenter visualization	scope:	gte	version:	14.0	Trust: 1.0
vendor:	siemens	model:	teamcenter visualization	scope:	lt	version:	14.0.0.6	Trust: 1.0
vendor:	siemens	model:	teamcenter visualization	scope:	lt	version:	14.1.0.8	Trust: 1.0
vendor:	シーメンス	model:	teamcenter visualization	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	jt2go	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2023-008588 // NVD: CVE-2023-33123

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2023-33123
value:	HIGH
Trust: 1.8
productcert@siemens.com:	CVE-2023-33123
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202306-874
value:	HIGH
Trust: 0.6

NVD:
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	CVE-2023-33123
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-008588 // NVD: CVE-2023-33123 // NVD: CVE-2023-33123 // CNNVD: CNNVD-202306-874

PROBLEMTYPE DATA

problemtype:	CWE-125	Trust: 1.0
problemtype:	Out-of-bounds read (CWE-125) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-008588 // NVD: CVE-2023-33123

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202306-874

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202306-874

CONFIGURATIONS

sources: NVD: CVE-2023-33123

PATCH

title:

Siemens JT2Go Security vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqbyid.tag?id=241391

Trust: 0.6

sources: CNNVD: CNNVD-202306-874

EXTERNAL IDS

db:	NVD	id:	CVE-2023-33123	Trust: 3.3
db:	SIEMENS	id:	SSA-538795	Trust: 2.5
db:	ICS CERT	id:	ICSA-23-166-14	Trust: 0.8
db:	JVN	id:	JVNVU99464755	Trust: 0.8
db:	JVNDB	id:	JVNDB-2023-008588	Trust: 0.8
db:	CNNVD	id:	CNNVD-202306-874	Trust: 0.6
db:	VULMON	id:	CVE-2023-33123	Trust: 0.1

sources: VULMON: CVE-2023-33123 // JVNDB: JVNDB-2023-008588 // NVD: CVE-2023-33123 // CNNVD: CNNVD-202306-874

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-538795.pdf	Trust: 2.5
url:	https://jvn.jp/vu/jvnvu99464755/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-33123	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-14	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2023-33123/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2023-33123 // JVNDB: JVNDB-2023-008588 // NVD: CVE-2023-33123 // CNNVD: CNNVD-202306-874

SOURCES

db:	VULMON	id:	CVE-2023-33123
db:	JVNDB	id:	JVNDB-2023-008588
db:	NVD	id:	CVE-2023-33123
db:	CNNVD	id:	CNNVD-202306-874

LAST UPDATE DATE

2023-12-18T11:24:48.250000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2023-33123	date:	2023-06-13T00:00:00
db:	JVNDB	id:	JVNDB-2023-008588	date:	2023-12-01T08:15:00
db:	NVD	id:	CVE-2023-33123	date:	2023-06-21T20:37:57.867
db:	CNNVD	id:	CNNVD-202306-874	date:	2023-06-25T00:00:00

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2023-33123	date:	2023-06-13T00:00:00
db:	JVNDB	id:	JVNDB-2023-008588	date:	2023-12-01T00:00:00
db:	NVD	id:	CVE-2023-33123	date:	2023-06-13T09:15:18.437
db:	CNNVD	id:	CNNVD-202306-874	date:	2023-06-13T00:00:00