CVE-2022-41662

Опубликовано: 08 нояб. 2022

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected products contain an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.

Ссылки

https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf
Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*

Версия до 14.1.0.4 (исключая)

cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*

Версия от 13.3.0 (включая) до 13.3.0.7 (исключая)

cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*

Версия от 14.0 (включая) до 14.0.0.3 (исключая)

cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*

Версия от 14.1 (включая) до 14.1.0.4 (исключая)

EPSS

Процентиль: 28%

0.00095

Низкий

7.8 High

CVSS3

Дефекты

CWE-125

Связанные уязвимости

GHSA-2227-8m6h-q7c2

CVSS3: 7.8

github

больше 2 лет назад

A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected products contain an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.

EPSS

Процентиль: 28%

0.00095

Низкий

7.8 High

CVSS3

Дефекты

CWE-125