CVE-2024-26277

EUVD-2024-23549

09.04.2024, 09:15

A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted X_T files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
siemens	CNA	3.3 LOW	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Base Score

CVSS 3.x

EPSS Score

Percentile: 17%

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
siemens	jt2go	𝑥 < 2312.4	CNA
siemens	jt2go	𝑥 < 35.1.254	CNA
siemens	jt2go	𝑥 < 36.0.207	CNA
siemens	jt2go	𝑥 < 36.1.147	CNA
siemens	jt2go	𝑥 < 14.2.0.12	CNA
siemens	jt2go	𝑥 < 14.3.0.9	CNA

Common Weakness Enumeration

CWE-476 - NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

References

https://cert-portal.siemens.com/productcert/html/ssa-222019.html

https://cert-portal.siemens.com/productcert/html/ssa-771940.html

https://cert-portal.siemens.com/productcert/html/ssa-222019.html

https://cert-portal.siemens.com/productcert/html/ssa-771940.html