CVE-2022-29030Integer Overflow to Buffer Overflow in Siemens Jt2go

CWE-680Integer Overflow to Buffer OverflowCWE-190Integer Overflow or Wraparound3 documents3 sources
Severity
5.5MEDIUMNVD
EPSS
0.2%
top 62.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Siemens Jt2goSiemens Teamcenter VisualizationSiemens Teamcenter Visualization V13.3+1 more
Timeline
PublishedMay 20
Latest updateMay 21

Description

A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The Mono_Loader.dll library is vulnerable to integer overflow condition while parsing specially crafted TG4 files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

NVDsiemens/teamcenter_visualization13.313.3.0.3+1
CVEListV5siemens/teamcenter_visualization_v13.3All versions < V13.3.0.3
CVEListV5siemens/teamcenter_visualization_v14.0All versions < V14.0.0.1
NVDsiemens/jt2go< 13.3.0.3
CVEListV5siemens/jt2goAll versions < V13.3.0.3

Patches

Patch: cert-portal.siemens.comPatch: cert-portal.siemens.com

🔴Vulnerability Details

2
GHSA
GHSA-grvp-x94j-hv4j: A vulnerability has been identified in JT2Go (All versions < V132022-05-21
CVEList
CVE-2022-29030: A vulnerability has been identified in JT2Go (All versions < V132022-05-10
CVE-2022-29030 — Integer Overflow to Buffer Overflow | cvebase