CVE-2020-26999 – Siemens JT2Go PAR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-26999
A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information. (ZDI-CAN-12042) Se ha identificado una vulnerabilidad en JT2Go (Todas las versiones anteriores a V13.1.0.2), Teamcenter Visualization (Todas las versiones anteriores a V13.1.0.2). • https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf https://www.zerodayinitiative.com/advisories/ZDI-21-239 https://www.zerodayinitiative.com/advisories/ZDI-21-860 • CWE-125: Out-of-bounds Read •
CVE-2020-26998 – Siemens JT2Go ASM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-26998
A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information. (ZDI-CAN-12040) Se ha identificado una vulnerabilidad en JT2Go (Todas las versiones anteriores a V13.1.0.2), Teamcenter Visualization (Todas las versiones anteriores a V13.1.0.2). • https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf https://www.zerodayinitiative.com/advisories/ZDI-21-238 https://www.zerodayinitiative.com/advisories/ZDI-21-857 • CWE-125: Out-of-bounds Read •
CVE-2020-27002 – Siemens JT2Go PAR File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-27002
A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12043) Se ha identificado una vulnerabilidad en JT2Go (Todas las versiones anteriores a V13.1.0.2), Teamcenter Visualization (Todas las versiones anteriores a V13.1.0.2). • https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf https://www.zerodayinitiative.com/advisories/ZDI-21-228 • CWE-125: Out-of-bounds Read •
CVE-2020-27001 – Siemens JT2Go PAR File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-27001
A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12041) Se ha identificado una vulnerabilidad en JT2Go (Todas las versiones anteriores a V13.1.0.2), Teamcenter Visualization (Todas las versiones anteriores a V13.1.0.2). • https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf https://www.zerodayinitiative.com/advisories/ZDI-21-227 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2021-25173 – Siemens JT2Go DGN File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-25173
An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory allocation with excessive size vulnerability exists when reading malformed DGN files, which allows attackers to cause a crash, potentially enabling denial of service (crash, exit, or restart). Se detectó un problema en Open Design Alliance Drawings SDK versiones anteriores a 2021.12. Se presenta una vulnerabilidad de asignación de la memoria con un tamaño excesivo al leer archivos DGN malformados, lo que permite a los atacantes causar un bloqueo, permitiendo potencialmente un ataque de denegación de servicio (Bloqueo, Salida o Reinicio) This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. • https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf https://www.opendesign.com/security-advisories https://www.zerodayinitiative.com/advisories/ZDI-21-225 • CWE-770: Allocation of Resources Without Limits or Throttling •