Lucene search

SiemensCVELIST:CVE-2020-26993

HistoryJan 12, 2021 - 8:18 p.m.

CVE-2020-26993

2021-01-1220:18:35

CWE-121

siemens

www.cve.org

vulnerability

jt2go

teamcenter visualization

validation

user-supplied data

cgm files

buffer overflow

font index

attacker

code execution

AI Score

8.1

Confidence

High

EPSS

0.001

Percentile

34.1%

JSON

A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing CGM files. This could lead to a stack based buffer overflow while trying to copy to a buffer in the font index handling function. An attacker could leverage this vulnerability to execute code in the context of the current process.

CNA Affected

[
  {
    "product": "JT2Go",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V13.1.0"
      }
    ]
  },
  {
    "product": "Teamcenter Visualization",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V13.1.0"
      }
    ]
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf