CVE-2023-33121NULL Pointer Dereference in Siemens Jt2go

CWE-476NULL Pointer Dereference3 documents3 sources
Severity
5.5MEDIUMNVD
CNA3.3
EPSS
0.0%
top 85.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Siemens Jt2goSiemens Teamcenter VisualizationSiemens Teamcenter Visualization V13.2+4 more
Timeline
PublishedJun 13

Description

A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages8 packages

NVDsiemens/teamcenter_visualization13.3.013.3.0.10+4
CVEListV5siemens/teamcenter_visualization_v13.2All versions < V13.2.0.13
CVEListV5siemens/teamcenter_visualization_v13.3All versions < V13.3.0.10
CVEListV5siemens/teamcenter_visualization_v14.0All versions < V14.0.0.6
CVEListV5siemens/teamcenter_visualization_v14.1All versions < V14.1.0.8

Patches

Patch: cert-portal.siemens.comPatch: cert-portal.siemens.com

🔴Vulnerability Details

2
CVEList
CVE-2023-33121: A vulnerability has been identified in JT2Go (All versions < V142023-06-13
GHSA
GHSA-2mxj-rgg6-f45q: A vulnerability has been identified in JT2Go (All versions < V142023-06-13
CVE-2023-33121 — NULL Pointer Dereference in Siemens | cvebase