Details of VAR-202306-0899

ID

VAR-202306-0899

CVE

CVE-2023-33121

TITLE

Siemens' JT2Go and Teamcenter Visualization In NULL Pointer dereference vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2023-008590

DESCRIPTION

A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. Siemens' JT2Go and Teamcenter Visualization for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2023-33121 // JVNDB: JVNDB-2023-008590 // VULMON: CVE-2023-33121

AFFECTED PRODUCTS

vendor:	siemens	model:	teamcenter visualization	scope:	lt	version:	14.2.0.3	Trust: 1.0
vendor:	siemens	model:	teamcenter visualization	scope:	gte	version:	14.1	Trust: 1.0
vendor:	siemens	model:	teamcenter visualization	scope:	gte	version:	13.3.0	Trust: 1.0
vendor:	siemens	model:	teamcenter visualization	scope:	lt	version:	13.3.0.10	Trust: 1.0
vendor:	siemens	model:	jt2go	scope:	lt	version:	14.2.0.3	Trust: 1.0
vendor:	siemens	model:	teamcenter visualization	scope:	gte	version:	14.2	Trust: 1.0
vendor:	siemens	model:	teamcenter visualization	scope:	lt	version:	13.2.0.13	Trust: 1.0
vendor:	siemens	model:	teamcenter visualization	scope:	gte	version:	14.0	Trust: 1.0
vendor:	siemens	model:	teamcenter visualization	scope:	lt	version:	14.0.0.6	Trust: 1.0
vendor:	siemens	model:	teamcenter visualization	scope:	lt	version:	14.1.0.8	Trust: 1.0
vendor:	シーメンス	model:	teamcenter visualization	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	jt2go	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2023-008590 // NVD: CVE-2023-33121

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2023-33121
value:	MEDIUM
Trust: 1.8
productcert@siemens.com:	CVE-2023-33121
value:	LOW
Trust: 1.0
CNNVD:	CNNVD-202306-873
value:	MEDIUM
Trust: 0.6

NVD:
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
productcert@siemens.com:
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	1.8
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2023-33121
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-008590 // NVD: CVE-2023-33121 // NVD: CVE-2023-33121 // CNNVD: CNNVD-202306-873

PROBLEMTYPE DATA

problemtype:	CWE-476	Trust: 1.0
problemtype:	NULL Pointer dereference (CWE-476) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-008590 // NVD: CVE-2023-33121

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202306-873

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202306-873

CONFIGURATIONS

sources: NVD: CVE-2023-33121

PATCH

title:

Siemens JT2Go Fixes for code issue vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqbyid.tag?id=242501

Trust: 0.6

sources: CNNVD: CNNVD-202306-873

EXTERNAL IDS

db:	NVD	id:	CVE-2023-33121	Trust: 3.3
db:	SIEMENS	id:	SSA-538795	Trust: 2.5
db:	ICS CERT	id:	ICSA-23-166-14	Trust: 0.8
db:	JVN	id:	JVNVU99464755	Trust: 0.8
db:	JVNDB	id:	JVNDB-2023-008590	Trust: 0.8
db:	CNNVD	id:	CNNVD-202306-873	Trust: 0.6
db:	VULMON	id:	CVE-2023-33121	Trust: 0.1

sources: VULMON: CVE-2023-33121 // JVNDB: JVNDB-2023-008590 // NVD: CVE-2023-33121 // CNNVD: CNNVD-202306-873

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-538795.pdf	Trust: 2.5
url:	https://jvn.jp/vu/jvnvu99464755/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-33121	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-14	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2023-33121/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2023-33121 // JVNDB: JVNDB-2023-008590 // NVD: CVE-2023-33121 // CNNVD: CNNVD-202306-873

SOURCES

db:	VULMON	id:	CVE-2023-33121
db:	JVNDB	id:	JVNDB-2023-008590
db:	NVD	id:	CVE-2023-33121
db:	CNNVD	id:	CNNVD-202306-873

LAST UPDATE DATE

2023-12-18T11:19:29.115000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2023-33121	date:	2023-06-13T00:00:00
db:	JVNDB	id:	JVNDB-2023-008590	date:	2023-12-01T08:15:00
db:	NVD	id:	CVE-2023-33121	date:	2023-06-21T20:15:37.563
db:	CNNVD	id:	CNNVD-202306-873	date:	2023-06-25T00:00:00

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2023-33121	date:	2023-06-13T00:00:00
db:	JVNDB	id:	JVNDB-2023-008590	date:	2023-12-01T00:00:00
db:	NVD	id:	CVE-2023-33121	date:	2023-06-13T09:15:18.323
db:	CNNVD	id:	CNNVD-202306-873	date:	2023-06-13T00:00:00