Publication Date: 2022-05-10
Last Update: 2022-05-10
Current Version: V1.0
CVSS v3.1 Base Score: 7.8

Affected Product and Versions Remediation
JT2Go:
All versions < V13.3.0.3
Update to V13.3.0.3 or later version
https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html
See further recommendations from section Workarounds and Mitigations
Teamcenter Visualization V13.3:
All versions < V13.3.0.3
Update to V13.3.0.3 or later version
https://support.sw.siemens.com/
See further recommendations from section Workarounds and Mitigations
Teamcenter Visualization V14.0:
All versions < V14.0.0.1
Update to V14.0.0.1 or later version
https://support.sw.siemens.com/
See further recommendations from section Workarounds and Mitigations

CVSS v3.1 Base Score 3.3
CVSS Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
CWE: CWE-835: Loop with Unreachable Exit Condition (‘Infinite Loop’)

CVSS v3.1 Base Score 3.3
CVSS Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
CWE: CWE-476: NULL Pointer Dereference

CVSS v3.1 Base Score 3.3
CVSS Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
CWE: CWE-680: Integer Overflow to Buffer Overflow

CVSS v3.1 Base Score 3.3
CVSS Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
CWE: CWE-476: NULL Pointer Dereference

CVSS v3.1 Base Score 7.8
CVSS Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE: CWE-415: Double Free

CVSS v3.1 Base Score 7.8
CVSS Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE: CWE-824: Access of Uninitialized Pointer

https://www.siemens.com/cert/advisories