PT-2021-20293 · Siemens · Teamcenter Visualization+1
Published
2021-08-10
·
Updated
2021-08-18
·
CVE-2021-33717
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions:
JT2Go versions prior to 13.2.0.1
Teamcenter Visualization versions prior to 13.2.0.1
Description:
A NULL pointer deference condition could occur when parsing specially crafted CGM files, causing the application to crash. The service can be restored by restarting the application. This issue can be leveraged by an attacker to cause a Denial-of-Service condition in the application.
Recommendations:
For JT2Go versions prior to 13.2.0.1, update to version 13.2.0.1 or later to resolve the issue.
For Teamcenter Visualization versions prior to 13.2.0.1, update to version 13.2.0.1 or later to resolve the issue.
As a temporary workaround, consider restricting the parsing of CGM files to minimize the risk of exploitation.
Fix
NULL Pointer Dereference
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Jt2Go
Teamcenter Visualization