CVE-2022-41851

2022-10-1100:00:00

CWE-824

siemens

www.cve.org

vulnerability

jttk

simcenter femap

uninitialized pointer reference

jt files

execute code

0.001 Low

EPSS

Percentile

23.6%

JSON

A vulnerability has been identified in JTTK (All versions < V11.1.1.0), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The JTTK library is vulnerable to an uninitialized pointer reference vulnerability while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-16973)

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "JTTK",
    "versions": [
      {
        "version": "All versions < V11.1.1.0",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Siemens",
    "product": "Simcenter Femap V2022.1",
    "versions": [
      {
        "version": "All versions < V2022.1.3",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Siemens",
    "product": "Simcenter Femap V2022.2",
    "versions": [
      {
        "version": "All versions < V2022.2.2",
        "status": "affected"
      }
    ]
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-611756.pdf

0.001 Low

EPSS

Percentile

23.6%

JSON

Related for CVELIST:CVE-2022-41851