CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
29.4%
The version of Siemens JT2Go installed on the remote Windows hosts is prior to 13.3.0.5. It is, therefore, affected by a heap-based buffer overflow flaw that could cause a denial of service (DoS) condition or remote code execution if exploited by an attacker.
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(164063);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/11/14");
script_cve_id("CVE-2022-2069");
script_xref(name:"IAVA", value:"2022-A-0312-S");
script_name(english:"Siemens JT2Go < 13.3.0.5 RCE (SSA-829738)");
script_set_attribute(attribute:"synopsis", value:
"The remote Windows host contains an application affected by a remote code execution vulnerability.");
script_set_attribute(attribute:"description", value:
"The version of Siemens JT2Go installed on the remote Windows hosts is prior to 13.3.0.5. It is, therefore, affected by
a heap-based buffer overflow flaw that could cause a denial of service (DoS) condition or remote code execution if
exploited by an attacker.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-829738.pdf");
script_set_attribute(attribute:"solution", value:
"Update JT2Go to version 13.3.0.5.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-2069");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/07/12");
script_set_attribute(attribute:"patch_publication_date", value:"2022/07/12");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/08/11");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:siemens:jt2go");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("siemens_jt2go_win_installed.nbin");
script_require_keys("installed_sw/Siemens JT2Go");
exit(0);
}
include('vcf.inc');
var app_info = vcf::get_app_info(app:'Siemens JT2Go', win_local:TRUE);
var constraints = [
{ 'fixed_version': '13.3.0.22098', 'fixed_display':'13.3.0.5' }
];
vcf::check_version_and_report(
app_info:app_info,
constraints:constraints,
severity:SECURITY_HOLE
);