CVE-2024-34086

EUVD-2024-34616

14.05.2024, 16:17

A vulnerability has been identified in JT2Go (All versions < V2312.0001), Teamcenter Visualization V14.1 (All versions < V14.1.0.13), Teamcenter Visualization V14.2 (All versions < V14.2.0.10), Teamcenter Visualization V14.3 (All versions < V14.3.0.7), Teamcenter Visualization V2312 (All versions < V2312.0001). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted CGM file.
This could allow an attacker to execute code in the context of the current process.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.8 HIGH	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 36%

Affected Products (NVD)

Vendor	Product	Version
siemens	jt2go	𝑥 < 2312.0001
siemens	teamcenter_visualization	14.1 ≤ 𝑥 < 14.1.0.13
siemens	teamcenter_visualization	14.2 ≤ 𝑥 < 14.2.0.10
siemens	teamcenter_visualization	14.3 ≤ 𝑥 < 14.3.0.7
siemens	teamcenter_visualization	2312.0 ≤ 𝑥 < 2312.0001

𝑥

= Vulnerable software versions

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
siemens	jt2go	𝑥 < V2312.0001	ADP
siemens	teamcenter_visualization	𝑥 < V14.1.0.13	ADP
siemens	teamcenter_visualization	𝑥 < 14.2.0.10	ADP
siemens	teamcenter_visualization	𝑥 < V2312.0001	ADP
siemens	teamcenter_visualization	𝑥 < 14.3.0.7	ADP

Common Weakness Enumeration

CWE-787 - Out-of-bounds Write
The software writes data past the end, or before the beginning, of the intended buffer.

References

https://cert-portal.siemens.com/productcert/html/ssa-661579.html