CVE-2022-41851

CWE-8243 documents3 sources

Severity

7.8HIGH

EPSS

0.1%

top 80.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens JT Open Toolkit Siemens Simcenter Femap Siemens Jttk +2 more

Timeline

PublishedOct 11

Description

A vulnerability has been identified in JTTK (All versions < V11.1.1.0), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The JTTK library is vulnerable to an uninitialized pointer reference vulnerability while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-16973)

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages5 packages

▶CVEListV5siemens/simcenter_femap_v2022.1All versions < V2022.1.3

▶CVEListV5siemens/simcenter_femap_v2022.2All versions < V2022.2.2

▶NVDsiemens/simcenter_femap2022.1.0 — 2022.1.3+1

▶CVEListV5siemens/jttkAll versions < V11.1.1.0

▶NVDsiemens/jt_open_toolkit< 11.1.1.0

Patches

Patch: cert-portal.siemens.com ↗Patch: cert-portal.siemens.com ↗

🔴Vulnerability Details

CVEList

CVE-2022-41851: A vulnerability has been identified in JTTK (All versions < V11↗2022-10-11

▶

GHSA

GHSA-4xcw-w9g9-vg97: A vulnerability has been identified in JTTK (All versions < V11↗2022-10-11

▶