Lucene search
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.SIEMENS_JT2GO_SSA-659917.NASLHistoryApr 20, 2023 - 12:00 a.m.
Siemens JT2Go < 14.2.0.2 Code Execution (SSA-629917)
2023-04-2000:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14
siemens jt2go
windows
code execution
vulnerability
buffer overflow
update
EPSS
0.001
Percentile
20.3%
The version of Siemens JT2Go installed on the remote Windows hosts is prior to 14.2.0.2. It is, therefore, affected by a code execution vulnerability due to a stack-based buffer overflow in the APDFL.dll library. When a specially-crafted file is opened by an unsuspecting user, arbitrary code can be executed in the context of the program.
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(174522);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/06/16");
script_cve_id("CVE-2023-1709");
script_xref(name:"IAVA", value:"2023-A-0202-S");
script_name(english:"Siemens JT2Go < 14.2.0.2 Code Execution (SSA-629917)");
script_set_attribute(attribute:"synopsis", value:
"The remote Windows host contains an application affected by a code execution vulnerability.");
script_set_attribute(attribute:"description", value:
"The version of Siemens JT2Go installed on the remote Windows hosts is prior to 14.2.0.2. It is, therefore, affected by
a code execution vulnerability due to a stack-based buffer overflow in the APDFL.dll library. When a specially-crafted
file is opened by an unsuspecting user, arbitrary code can be executed in the context of the program.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-629917.pdf");
script_set_attribute(attribute:"solution", value:
"Update JT2Go to version 14.2.0.2 or later.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-1709");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/04/11");
script_set_attribute(attribute:"patch_publication_date", value:"2023/04/11");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/04/20");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:siemens:jt2go");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("siemens_jt2go_win_installed.nbin");
script_require_keys("installed_sw/Siemens JT2Go");
exit(0);
}
include('vcf.inc');
var app_info = vcf::get_app_info(app:'Siemens JT2Go', win_local:TRUE);
var constraints = [
{ 'fixed_version': '14.2.0.23026', 'fixed_display':'14.2.0.2' }
];
vcf::check_version_and_report(
app_info:app_info,
constraints:constraints,
severity:SECURITY_HOLE
);
Related
ics
ics
Datalogics Library Third-Party
2023-06-13 12:00:00
Siemens Teamcenter Visualization and JT2Go
2023-04-13 12:00:00
prion
prion
Stack overflow
2023-06-07 21:15:00
cve
cve
CVE-2023-1709
2023-06-07 21:15:12
cvelist
cvelist
CVE-2023-1709 Datalogics Library APDFL Stack-based Buffer Overflow
2023-06-07 20:36:05
nvd
nvd
CVE-2023-1709
2023-06-07 21:15:12