CVE-2022-41660

{"id": "CVE-2022-41660", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "productcert@siemens.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2022-11-08T11:15:11.530", "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf", "tags": ["Vendor Advisory"], "source": "productcert@siemens.com"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "productcert@siemens.com", "description": [{"lang": "en", "value": "CWE-787"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected products contain an out of bounds write vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en JT2Go (Todas las versiones &lt; V14.1.0.4), Teamcenter Visualization V13.2 (Todas las versiones &lt; V13.2.0.12), Teamcenter Visualization V13.3 (Todas las versiones &lt; V13.3.0. 7), Teamcenter Visualization V14.0 (todas las versiones &lt; V14.0.0.3), Teamcenter Visualization V14.1 (todas las versiones&lt; V14.1.0.4). Los productos afectados contienen una vulnerabilidad de escritura fuera de l\u00edmites al analizar un archivo CGM. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual."}], "lastModified": "2024-11-21T07:23:35.167", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD5EAF75-B0F4-4792-9833-085B9D830FCE", "versionEndExcluding": "14.1.0.4"}, {"criteria": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB99D790-4F55-48F2-902B-8739CAEC78EE", "versionEndExcluding": "13.3.0.7", "versionStartIncluding": "13.3.0"}, {"criteria": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F811DB6-3650-4BCB-A538-AAECF63EA085", "versionEndExcluding": "14.0.0.3", "versionStartIncluding": "14.0"}, {"criteria": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "175648D0-81ED-4AC9-AF2D-4C9E93814C36", "versionEndExcluding": "14.1.0.4", "versionStartIncluding": "14.1"}], "operator": "OR"}]}], "sourceIdentifier": "productcert@siemens.com"}