ID

VAR-202306-0900


CVE

CVE-2023-33122


TITLE

Siemens' JT2Go and Teamcenter Visualization Out-of-bounds read vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2023-008589

DESCRIPTION

A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain an out-of-bounds read past the end of an allocated buffer while parsing a specially crafted CGM file. This vulnerability could allow an attacker to disclose sensitive information. Siemens' JT2Go and Teamcenter Visualization contain an out-of-bounds read vulnerability. Information may be obtained.

Trust: 1.71

sources: NVD: CVE-2023-33122 // JVNDB: JVNDB-2023-008589 // VULMON: CVE-2023-33122

AFFECTED PRODUCTS

vendor: siemens, model: teamcenter visualization, scope: lt, version: 14.2.0.3

Trust: 1.0

vendor: siemens, model: teamcenter visualization, scope: gte, version: 13.2.0

Trust: 1.0

vendor: siemens, model: teamcenter visualization, scope: gte, version: 13.3.0

Trust: 1.0

vendor: siemens, model: teamcenter visualization, scope: gte, version: 14.1

Trust: 1.0

vendor: siemens, model: teamcenter visualization, scope: lt, version: 13.3.0.10

Trust: 1.0

vendor: siemens, model: jt2go, scope: lt, version: 14.2.0.3

Trust: 1.0

vendor: siemens, model: teamcenter visualization, scope: gte, version: 14.2

Trust: 1.0

vendor: siemens, model: teamcenter visualization, scope: lt, version: 13.2.0.13

Trust: 1.0

vendor: siemens, model: teamcenter visualization, scope: gte, version: 14.0

Trust: 1.0

vendor: siemens, model: teamcenter visualization, scope: lt, version: 14.0.0.6

Trust: 1.0

vendor: siemens, model: teamcenter visualization, scope: lt, version: 14.1.0.8

Trust: 1.0

vendor: シーメンス, model: teamcenter visualization, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: jt2go, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-008589 // NVD: CVE-2023-33122

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2023-33122
value: MEDIUM

Trust: 1.8

productcert@siemens.com: CVE-2023-33122
value: LOW

Trust: 1.0

CNNVD: CNNVD-202306-876
value: MEDIUM

Trust: 0.6

NVD:
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

productcert@siemens.com:
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2023-33122
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-008589 // NVD: CVE-2023-33122 // NVD: CVE-2023-33122 // CNNVD: CNNVD-202306-876

PROBLEMTYPE DATA

problemtype: CWE-125

Trust: 1.0

problemtype: Out-of-bounds read (CWE-125) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2023-008589 // NVD: CVE-2023-33122

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202306-876

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202306-876

CONFIGURATIONS

sources: NVD: CVE-2023-33122

PATCH

title: Siemens JT2Go Buffer error vulnerability fix, url: http://123.124.177.30/web/xxk/bdxqbyid.tag?id=242502

Trust: 0.6

sources: CNNVD: CNNVD-202306-876

EXTERNAL IDS

db: NVD, id: CVE-2023-33122

Trust: 3.3

db: SIEMENS, id: SSA-538795

Trust: 2.5

db: ICS CERT, id: ICSA-23-166-14

Trust: 0.8

db: JVN, id: JVNVU99464755

Trust: 0.8

db: JVNDB, id: JVNDB-2023-008589

Trust: 0.8

db: CNNVD, id: CNNVD-202306-876

Trust: 0.6

db: VULMON, id: CVE-2023-33122

Trust: 0.1

sources: VULMON: CVE-2023-33122 // JVNDB: JVNDB-2023-008589 // NVD: CVE-2023-33122 // CNNVD: CNNVD-202306-876

REFERENCES

url: https://cert-portal.siemens.com/productcert/pdf/ssa-538795.pdf

Trust: 2.5

url: https://jvn.jp/vu/jvnvu99464755/

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2023-33122

Trust: 0.8

url: https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-14

Trust: 0.8

url: https://cxsecurity.com/cveshow/cve-2023-33122/

Trust: 0.6

url: https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2023-33122 // JVNDB: JVNDB-2023-008589 // NVD: CVE-2023-33122 // CNNVD: CNNVD-202306-876

SOURCES

db: VULMON, id: CVE-2023-33122
db: JVNDB, id: JVNDB-2023-008589
db: NVD, id: CVE-2023-33122
db: CNNVD, id: CNNVD-202306-876

LAST UPDATE DATE

2023-12-18T11:18:43.852000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2023-33122, date: 2023-06-13T00:00:00
db: JVNDB, id: JVNDB-2023-008589, date: 2023-12-01T08:15:00
db: NVD, id: CVE-2023-33122, date: 2023-06-22T00:05:51.170
db: CNNVD, id: CNNVD-202306-876, date: 2023-06-25T00:00:00

SOURCES RELEASE DATE

db: VULMON, id: CVE-2023-33122, date: 2023-06-13T00:00:00
db: JVNDB, id: JVNDB-2023-008589, date: 2023-12-01T00:00:00
db: NVD, id: CVE-2023-33122, date: 2023-06-13T09:15:18.380
db: CNNVD, id: CNNVD-202306-876, date: 2023-06-13T00:00:00