ID

VAR-202306-0898


CVE

CVE-2023-33123


TITLE

Out-of-bounds read vulnerability in Siemens' JT2Go and Teamcenter Visualization

Trust: 0.8

sources: JVNDB: JVNDB-2023-008588

DESCRIPTION

A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain an out-of-bounds read past the end of an allocated structure while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process. Siemens' JT2Go and Teamcenter Visualization contain an out-of-bounds read vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).

Trust: 1.71

sources: NVD: CVE-2023-33123 // JVNDB: JVNDB-2023-008588 // VULMON: CVE-2023-33123

AFFECTED PRODUCTS

vendor: siemens | model: teamcenter visualization | scope: lt | version: 14.2.0.3

Trust: 1.0

vendor: siemens | model: teamcenter visualization | scope: gte | version: 13.2.0

Trust: 1.0

vendor: siemens | model: teamcenter visualization | scope: gte | version: 13.3.0

Trust: 1.0

vendor: siemens | model: teamcenter visualization | scope: gte | version: 14.1

Trust: 1.0

vendor: siemens | model: teamcenter visualization | scope: lt | version: 13.3.0.10

Trust: 1.0

vendor: siemens | model: jt2go | scope: lt | version: 14.2.0.3

Trust: 1.0

vendor: siemens | model: teamcenter visualization | scope: gte | version: 14.2

Trust: 1.0

vendor: siemens | model: teamcenter visualization | scope: lt | version: 13.2.0.13

Trust: 1.0

vendor: siemens | model: teamcenter visualization | scope: gte | version: 14.0

Trust: 1.0

vendor: siemens | model: teamcenter visualization | scope: lt | version: 14.0.0.6

Trust: 1.0

vendor: siemens | model: teamcenter visualization | scope: lt | version: 14.1.0.8

Trust: 1.0

vendor: シーメンス | model: teamcenter visualization | scope: - | version: -

Trust: 0.8

vendor: シーメンス | model: jt2go | scope: - | version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-008588 // NVD: CVE-2023-33123

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2023-33123
value: HIGH

Trust: 1.8

productcert@siemens.com: CVE-2023-33123
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202306-874
value: HIGH

Trust: 0.6

NVD:
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2023-33123
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-008588 // NVD: CVE-2023-33123 // NVD: CVE-2023-33123 // CNNVD: CNNVD-202306-874

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.0

problemtype:Out-of-bounds read (CWE-125) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2023-008588 // NVD: CVE-2023-33123

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202306-874

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202306-874

CONFIGURATIONS

sources: NVD: CVE-2023-33123

PATCH

title: Siemens JT2Go Security vulnerabilities | url: http://123.124.177.30/web/xxk/bdxqbyid.tag?id=241391

Trust: 0.6

sources: CNNVD: CNNVD-202306-874

EXTERNAL IDS

db: NVD | id: CVE-2023-33123

Trust: 3.3

db: SIEMENS | id: SSA-538795

Trust: 2.5

db: ICS CERT | id: ICSA-23-166-14

Trust: 0.8

db: JVN | id: JVNVU99464755

Trust: 0.8

db: JVNDB | id: JVNDB-2023-008588

Trust: 0.8

db: CNNVD | id: CNNVD-202306-874

Trust: 0.6

db: VULMON | id: CVE-2023-33123

Trust: 0.1

sources: VULMON: CVE-2023-33123 // JVNDB: JVNDB-2023-008588 // NVD: CVE-2023-33123 // CNNVD: CNNVD-202306-874

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-538795.pdf

Trust: 2.5

url:https://jvn.jp/vu/jvnvu99464755/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-33123

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-14

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2023-33123/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2023-33123 // JVNDB: JVNDB-2023-008588 // NVD: CVE-2023-33123 // CNNVD: CNNVD-202306-874

SOURCES

db: VULMON | id: CVE-2023-33123
db: JVNDB | id: JVNDB-2023-008588
db: NVD | id: CVE-2023-33123
db: CNNVD | id: CNNVD-202306-874

LAST UPDATE DATE

2023-12-18T11:24:48.250000+00:00


SOURCES UPDATE DATE

db: VULMON | id: CVE-2023-33123 | date: 2023-06-13T00:00:00
db: JVNDB | id: JVNDB-2023-008588 | date: 2023-12-01T08:15:00
db: NVD | id: CVE-2023-33123 | date: 2023-06-21T20:37:57.867
db: CNNVD | id: CNNVD-202306-874 | date: 2023-06-25T00:00:00

SOURCES RELEASE DATE

db: VULMON | id: CVE-2023-33123 | date: 2023-06-13T00:00:00
db: JVNDB | id: JVNDB-2023-008588 | date: 2023-12-01T00:00:00
db: NVD | id: CVE-2023-33123 | date: 2023-06-13T09:15:18.437
db: CNNVD | id: CNNVD-202306-874 | date: 2023-06-13T00:00:00