CVE-2020-26985 – Siemens JT2Go RGB and SGI File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-26985
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of RGB and SGI files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11986, ZDI-CAN-11994) Se ha identificado una vulnerabilidad en JT2Go (todas las versiones anteriores a V13.1.0), Teamcenter Visualization (todas las versiones anteriores a V13.1.0). • https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf https://www.zerodayinitiative.com/advisories/ZDI-21-056 https://www.zerodayinitiative.com/advisories/ZDI-21-058 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2020-26987 – Siemens JT2Go TGA File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-26987
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of TGA files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12016, ZDI-CAN-12017) Se ha identificado una vulnerabilidad en JT2Go (Todas las versiones anteriores a V13.1.0), Teamcenter Visualization (Todas las versiones anteriores a V13.1.0). • https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf https://www.zerodayinitiative.com/advisories/ZDI-21-059 https://www.zerodayinitiative.com/advisories/ZDI-21-061 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2020-26989 – Siemens JT2Go PAR File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-26989
A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11892) Se ha identificado una vulnerabilidad en JT2Go (Todas las versiones anteriores a V13.1.0.1), Solid Edge SE2020 (Todas las versiones anteriores a SE2020MP12), Solid Edge SE2021 (Todas las versiones anteriores a SE2021MP2), Teamcenter Visualization (Todas las versiones anteriores a V13.1.0.1). • https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-979834.pdf https://www.zerodayinitiative.com/advisories/ZDI-21-050 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2020-26990 – Siemens JT2Go ASM File Parsing Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-26990
A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing ASM files. A crafted ASM file could trigger a type confusion condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11897) Se ha identificado una vulnerabilidad en JT2Go (Todas las versiones anteriores a V13.1.0.1), Teamcenter Visualization (Todas las versiones anteriores a V13.1.0.1). • https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf https://www.zerodayinitiative.com/advisories/ZDI-21-055 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2020-26991 – Siemens JT2Go ASM File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-26991
A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing ASM files. This could lead to pointer dereferences of a value obtained from untrusted source. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11899) Se ha identificado una vulnerabilidad en JT2Go JT2Go (Todas las versiones anteriores a V13.1.0.2), Teamcenter Visualization (Todas las versiones anteriores a V13.1.0.2) Las aplicaciones afectadas carecen de una comprobación apropiada de los datos proporcionados por el usuario al analizar archivos ASM. • https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf https://www.zerodayinitiative.com/advisories/ZDI-21-053 • CWE-476: NULL Pointer Dereference CWE-822: Untrusted Pointer Dereference •