Details of VAR-202401-0192

ID

VAR-202401-0192

CVE

CVE-2023-51744

TITLE

Siemens' JT2Go and Teamcenter Visualization In NULL Pointer dereference vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2023-024621

DESCRIPTION

A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions < V14.2.0.9), Teamcenter Visualization V14.3 (All versions < V14.3.0.6). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. Siemens' JT2Go and Teamcenter Visualization for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2023-51744 // JVNDB: JVNDB-2023-024621

AFFECTED PRODUCTS

vendor:	siemens	model:	teamcenter visualization	scope:	gte	version:	14.2	Trust: 1.0
vendor:	siemens	model:	teamcenter visualization	scope:	gte	version:	13.3.0	Trust: 1.0
vendor:	siemens	model:	teamcenter visualization	scope:	lt	version:	14.3.0.6	Trust: 1.0
vendor:	siemens	model:	teamcenter visualization	scope:	gte	version:	14.1	Trust: 1.0
vendor:	siemens	model:	teamcenter visualization	scope:	lt	version:	14.2.0.9	Trust: 1.0
vendor:	siemens	model:	teamcenter visualization	scope:	gte	version:	14.3	Trust: 1.0
vendor:	siemens	model:	jt2go	scope:	lt	version:	14.3.0.6	Trust: 1.0
vendor:	siemens	model:	teamcenter visualization	scope:	lt	version:	14.1.0.12	Trust: 1.0
vendor:	siemens	model:	teamcenter visualization	scope:	lt	version:	13.3.0.13	Trust: 1.0
vendor:	シーメンス	model:	teamcenter visualization	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	jt2go	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2023-024621 // NVD: CVE-2023-51744

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2023-51744
value:	MEDIUM
Trust: 1.8
productcert@siemens.com:	CVE-2023-51744
value:	LOW
Trust: 1.0

NVD:
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
productcert@siemens.com:
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	1.8
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2023-51744
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-024621 // NVD: CVE-2023-51744 // NVD: CVE-2023-51744

PROBLEMTYPE DATA

problemtype:	CWE-476	Trust: 1.0
problemtype:	NULL Pointer dereference (CWE-476) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-024621 // NVD: CVE-2023-51744

EXTERNAL IDS

db:	NVD	id:	CVE-2023-51744	Trust: 2.6
db:	SIEMENS	id:	SSA-794653	Trust: 1.8
db:	ICS CERT	id:	ICSA-24-011-06	Trust: 0.8
db:	JVN	id:	JVNVU92179258	Trust: 0.8
db:	JVNDB	id:	JVNDB-2023-024621	Trust: 0.8

sources: JVNDB: JVNDB-2023-024621 // NVD: CVE-2023-51744

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-794653.pdf	Trust: 1.8
url:	https://jvn.jp/vu/jvnvu92179258/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-51744	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-06	Trust: 0.8

sources: JVNDB: JVNDB-2023-024621 // NVD: CVE-2023-51744

SOURCES

db:	JVNDB	id:	JVNDB-2023-024621
db:	NVD	id:	CVE-2023-51744

LAST UPDATE DATE

2024-02-02T22:35:07.392000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2023-024621	date:	2024-02-01T02:55:00
db:	NVD	id:	CVE-2023-51744	date:	2024-01-11T20:39:08.490

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2023-024621	date:	2024-02-01T00:00:00
db:	NVD	id:	CVE-2023-51744	date:	2024-01-09T10:15:21.657