ID

VAR-202306-0899


CVE

CVE-2023-33121


TITLE

Siemens'  JT2Go  and  Teamcenter Visualization  In  NULL  Pointer dereference vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2023-008590

DESCRIPTION

A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. Siemens' JT2Go and Teamcenter Visualization for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2023-33121 // JVNDB: JVNDB-2023-008590 // VULMON: CVE-2023-33121

AFFECTED PRODUCTS

vendor:siemensmodel:teamcenter visualizationscope:ltversion:14.2.0.3

Trust: 1.0

vendor:siemensmodel:teamcenter visualizationscope:gteversion:14.1

Trust: 1.0

vendor:siemensmodel:teamcenter visualizationscope:gteversion:13.3.0

Trust: 1.0

vendor:siemensmodel:teamcenter visualizationscope:ltversion:13.3.0.10

Trust: 1.0

vendor:siemensmodel:jt2goscope:ltversion:14.2.0.3

Trust: 1.0

vendor:siemensmodel:teamcenter visualizationscope:gteversion:14.2

Trust: 1.0

vendor:siemensmodel:teamcenter visualizationscope:ltversion:13.2.0.13

Trust: 1.0

vendor:siemensmodel:teamcenter visualizationscope:gteversion:14.0

Trust: 1.0

vendor:siemensmodel:teamcenter visualizationscope:ltversion:14.0.0.6

Trust: 1.0

vendor:siemensmodel:teamcenter visualizationscope:ltversion:14.1.0.8

Trust: 1.0

vendor:シーメンスmodel:teamcenter visualizationscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:jt2goscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-008590 // NVD: CVE-2023-33121

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2023-33121
value: MEDIUM

Trust: 1.8

productcert@siemens.com: CVE-2023-33121
value: LOW

Trust: 1.0

CNNVD: CNNVD-202306-873
value: MEDIUM

Trust: 0.6

NVD:
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

productcert@siemens.com:
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2023-33121
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-008590 // NVD: CVE-2023-33121 // NVD: CVE-2023-33121 // CNNVD: CNNVD-202306-873

PROBLEMTYPE DATA

problemtype:CWE-476

Trust: 1.0

problemtype:NULL Pointer dereference (CWE-476) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-008590 // NVD: CVE-2023-33121

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202306-873

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202306-873

CONFIGURATIONS

sources: NVD: CVE-2023-33121

PATCH

title:Siemens JT2Go Fixes for code issue vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqbyid.tag?id=242501

Trust: 0.6

sources: CNNVD: CNNVD-202306-873

EXTERNAL IDS

db:NVDid:CVE-2023-33121

Trust: 3.3

db:SIEMENSid:SSA-538795

Trust: 2.5

db:ICS CERTid:ICSA-23-166-14

Trust: 0.8

db:JVNid:JVNVU99464755

Trust: 0.8

db:JVNDBid:JVNDB-2023-008590

Trust: 0.8

db:CNNVDid:CNNVD-202306-873

Trust: 0.6

db:VULMONid:CVE-2023-33121

Trust: 0.1

sources: VULMON: CVE-2023-33121 // JVNDB: JVNDB-2023-008590 // NVD: CVE-2023-33121 // CNNVD: CNNVD-202306-873

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-538795.pdf

Trust: 2.5

url:https://jvn.jp/vu/jvnvu99464755/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-33121

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-14

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2023-33121/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2023-33121 // JVNDB: JVNDB-2023-008590 // NVD: CVE-2023-33121 // CNNVD: CNNVD-202306-873

SOURCES

db:VULMONid:CVE-2023-33121
db:JVNDBid:JVNDB-2023-008590
db:NVDid:CVE-2023-33121
db:CNNVDid:CNNVD-202306-873

LAST UPDATE DATE

2023-12-18T11:19:29.115000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2023-33121date:2023-06-13T00:00:00
db:JVNDBid:JVNDB-2023-008590date:2023-12-01T08:15:00
db:NVDid:CVE-2023-33121date:2023-06-21T20:15:37.563
db:CNNVDid:CNNVD-202306-873date:2023-06-25T00:00:00

SOURCES RELEASE DATE

db:VULMONid:CVE-2023-33121date:2023-06-13T00:00:00
db:JVNDBid:JVNDB-2023-008590date:2023-12-01T00:00:00
db:NVDid:CVE-2023-33121date:2023-06-13T09:15:18.323
db:CNNVDid:CNNVD-202306-873date:2023-06-13T00:00:00