CVE-2023-38076

Published Sep 12, 2023

Last updated 9 months ago

CVSS high 7.8

Overview

Description: A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21041)
Source: productcert@siemens.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

nvd@nist.gov: CWE-787
productcert@siemens.com: CWE-122

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2ABFF8F6-AB75-4EB4-AA59-D297EA29B4D1",
            "versionEndExcluding": "14.3.0.1"
          },
          {
            "criteria": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "88242224-85E8-4F7B-8AF3-D5CFDBE741BE",
            "versionEndExcluding": "13.4.0.12",
            "versionStartIncluding": "13.3.0"
          },
          {
            "criteria": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B0A2FCDD-F71A-4AE1-B969-55B7A0D0DF0D",
            "versionEndExcluding": "14.1.0.11",
            "versionStartIncluding": "14.0"
          },
          {
            "criteria": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7E1EFF45-5311-4E89-B736-271EF3C0C232",
            "versionEndExcluding": "14.2.0.6",
            "versionStartIncluding": "14.2"
          },
          {
            "criteria": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5F7641A6-5EF6-4258-A7E0-87CC180B30F0",
            "versionEndExcluding": "14.3.0.1",
            "versionStartIncluding": "14.3"
          },
          {
            "criteria": "cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BA6A5E33-8719-4EE1-BAFB-B99E845B6ABD",
            "versionEndExcluding": "2201.0010",
            "versionStartIncluding": "2201.0"
          },
          {
            "criteria": "cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "533E989F-6492-4486-B4BD-3E1DBC40D53B",
            "versionEndExcluding": "2302.0004",
            "versionStartIncluding": "2302.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References