Siemens Jt2Go vulnerabilities

CVE-2020-27007 [MEDIUM] CWE-125 CVE-2020-27007: A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (A A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of HPG files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access d

CVE-2020-26998 [MEDIUM] CWE-125 CVE-2020-26998: A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (A A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to leak inf

CVE-2020-28394 [MEDIUM] CWE-125 CVE-2020-28394: A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (A A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of RAS files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access d

CVE-2020-27004 [MEDIUM] CWE-125 CVE-2020-27004: A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (A A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of CGM files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access d

CVE-2020-27008 [MEDIUM] CWE-125 CVE-2020-27008: A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (A A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of PLT files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access d

CVE-2021-25174 [HIGH] CWE-787 CVE-2021-25174: An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory corruption vul An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory corruption vulnerability exists when reading malformed DGN files. It can allow attackers to cause a crash, potentially enabling denial of service (Crash, Exit, or Restart).

CVE-2021-25173 [HIGH] CWE-770 CVE-2021-25173: An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory allocation wit An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory allocation with excessive size vulnerability exists when reading malformed DGN files, which allows attackers to cause a crash, potentially enabling denial of service (crash, exit, or restart).

CVE-2021-25177 [HIGH] CWE-843 CVE-2021-25177: An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Confusion issue An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Confusion issue exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart).

CVE-2021-25176 [HIGH] CWE-476 CVE-2021-25176: An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer derefere An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer dereference exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart).

CVE-2021-25178 [HIGH] CWE-787 CVE-2021-25178: An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A stack-based buffer ov An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A stack-based buffer overflow vulnerability exists when the recover operation is run with malformed .DXF and .DWG files. This can allow attackers to cause a crash potentially enabling a denial of service attack (Crash, Exit, or Restart) or possible code execution.

CVE-2021-25175 [HIGH] CWE-704 CVE-2021-25175: An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Conversion issue An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Conversion issue exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart).

CVE-2020-28383 [HIGH] CWE-787 CVE-2020-28383: A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Solid Edge SE2020 (All Vers A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing PAR files. This can result in an out of bounds write p

CVE-2020-26993 [HIGH] CWE-121 CVE-2020-26993: A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing CGM files. This could lead to a stack based buffer overflow while trying to copy to a buffer in the font index handling function. An attacker could lev

CVE-2020-26996 [HIGH] CWE-125 CVE-2020-26996: A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of CG4 files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code i

CVE-2020-26991 [HIGH] CWE-822 CVE-2020-26991: A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (A A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing ASM files. This could lead to pointer dereferences of a value obtained from untrusted source. An attacker could leverage this vulnerability to exec

CVE-2020-26989 [HIGH] CWE-121 CVE-2020-26989: A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Solid Edge SE2020 (All Vers A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a stack based buffe

CVE-2020-26988 [HIGH] CWE-787 CVE-2020-26988: A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to exec

CVE-2020-26994 [HIGH] CWE-122 CVE-2020-26994: A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of PCX files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the cu

CVE-2020-26983 [HIGH] CWE-787 CVE-2020-26983: A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing PDF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute

CVE-2020-26987 [HIGH] CWE-122 CVE-2020-26987: A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of TGA files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the curr