CVE-2023-51744

2024-01-0910:15:21

CWE-476

[email protected]

web.nvd.nist.gov

vulnerability

jt2go

teamcenter visualization

null pointer

cgm files

denial of service

cve-2023-51744

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

Confidence

High

EPSS

Percentile

15.7%

JSON

A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions < V14.2.0.9), Teamcenter Visualization V14.3 (All versions < V14.3.0.6). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.

Affected configurations

Nvd

Node

siemensjt2goRange<14.3.0.6

siemensteamcenter_visualizationRange13.3.0–13.3.0.13

siemensteamcenter_visualizationRange14.1–14.1.0.12

siemensteamcenter_visualizationRange14.2–14.2.0.9

siemensteamcenter_visualizationRange14.3–14.3.0.6

VendorProductVersionCPE
siemensjt2go*cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*
siemensteamcenter_visualization*cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*