CVE-2023-38074

Name of the Vulnerable Software and Affected Versions JT2Go versions prior to V14.3.0.1 Teamcenter Visualization V13.3 versions prior to V13.3.0.12 Teamcenter Visualization V14.0 all versions Teamcenter Visualization V14.1 versions prior to V14.1.0.11 Teamcenter Visualization V14.2 versions prior to V14.2.0.6 Teamcenter Visualization V14.3 versions prior to V14.3.0.1 Tecnomatix Plant Simulation V2201 versions prior to V2201.0010 Tecnomatix Plant Simulation V2302 versions prior to V2302.0004

Description The affected application contains a type confusion vulnerability while parsing WRL files. This could allow an attacker to execute code in the context of the current process. The vulnerability is related to accessing a resource through incompatible types.

Recommendations For JT2Go versions prior to V14.3.0.1, update to version V14.3.0.1 or later. For Teamcenter Visualization V13.3 versions prior to V13.3.0.12, update to version V13.3.0.12 or later. For Teamcenter Visualization V14.0 all versions, update to a version that is not affected by this vulnerability. For Teamcenter Visualization V14.1 versions prior to V14.1.0.11, update to version V14.1.0.11 or later. For Teamcenter Visualization V14.2 versions prior to V14.2.0.6, update to version V14.2.0.6 or later. For Teamcenter Visualization V14.3 versions prior to V14.3.0.1, update to version V14.3.0.1 or later. For Tecnomatix Plant Simulation V2201 versions prior to V2201.0010, update to version V2201.0010 or later. For Tecnomatix Plant Simulation V2302 versions prior to V2302.0004, update to version V2302.0004 or later. As a temporary workaround, consider restricting access to WRL files until a patch is available.