CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-27003 – Siemens JT2Go TIFF File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-27003
A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing TIFF files. This could lead to pointer dereferences of a value obtained from untrusted source. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12158) Se ha identificado una vulnerabilidad en JT2Go (Todas las versiones anteriores a V13.1.0.1), Teamcenter Visualization (Todas las versiones anteriores a V13.1.0.1). • https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf https://www.zerodayinitiative.com/advisories/ZDI-21-229 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-822: Untrusted Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-27006 – Siemens JT2Go PCT File Parsing Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-27006
A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of PCT files. This could result in a memory corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12182) Se ha identificado una vulnerabilidad en JT2Go (Todas las versiones anteriores a V13.1.0.1), Teamcenter Visualization (Todas las versiones anteriores a V13.1.0.1). • https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf https://www.zerodayinitiative.com/advisories/ZDI-21-232 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-26998 – Siemens JT2Go ASM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-26998
A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information. (ZDI-CAN-12040) Se ha identificado una vulnerabilidad en JT2Go (Todas las versiones anteriores a V13.1.0.2), Teamcenter Visualization (Todas las versiones anteriores a V13.1.0.2). • https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf https://www.zerodayinitiative.com/advisories/ZDI-21-238 https://www.zerodayinitiative.com/advisories/ZDI-21-857 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-27001 – Siemens JT2Go PAR File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-27001
A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12041) Se ha identificado una vulnerabilidad en JT2Go (Todas las versiones anteriores a V13.1.0.2), Teamcenter Visualization (Todas las versiones anteriores a V13.1.0.2). • https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf https://www.zerodayinitiative.com/advisories/ZDI-21-227 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-27002 – Siemens JT2Go PAR File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-27002
A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12043) Se ha identificado una vulnerabilidad en JT2Go (Todas las versiones anteriores a V13.1.0.2), Teamcenter Visualization (Todas las versiones anteriores a V13.1.0.2). • https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf https://www.zerodayinitiative.com/advisories/ZDI-21-228 • CWE-125: Out-of-bounds Read •