CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-37997
https://notcve.org/view.php?id=CVE-2024-37997
09 Jul 2024 — A vulnerability has been identified in JT Open (All versions < V11.5), PLM XML SDK (All versions < V7.1.0.014). The affected applications contain a stack based overflow vulnerability while parsing specially crafted XML files. This could allow an attacker to execute code in the context of the current process. Se ha identificado una vulnerabilidad en JT Open (todas las versiones < V11.5), PLM XML SDK (todas las versiones < V7.1.0.014). Las aplicaciones afectadas contienen una vulnerabilidad de desbordam... • https://cert-portal.siemens.com/productcert/html/ssa-824889.html • CWE-121: Stack-based Buffer Overflow •
CVSS: 4.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-37996
https://notcve.org/view.php?id=CVE-2024-37996
09 Jul 2024 — A vulnerability has been identified in JT Open (All versions < V11.5), PLM XML SDK (All versions < V7.1.0.014). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted XML files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. Se ha identificado una vulnerabilidad en JT Open (todas las versiones < V11.5), PLM XML SDK (todas las versiones < V7.1.0.014). Las aplicaciones afectadas contienen una... • https://cert-portal.siemens.com/productcert/html/ssa-824889.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-30796
https://notcve.org/view.php?id=CVE-2023-30796
08 Aug 2023 — A vulnerability has been identified in JT Open (All versions < V11.4), JT Utilities (All versions < V13.4). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. Se ha identificado una vulnerabilidad en JT Open (Todas las versiones inferiores a V11.4), JT Utilities (Todas las versiones inferiores a V13.4). Las aplicaciones afectadas contienen ... • https://cert-portal.siemens.com/productcert/pdf/ssa-001569.pdf • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-30795
https://notcve.org/view.php?id=CVE-2023-30795
08 Aug 2023 — A vulnerability has been identified in JT Open (All versions < V11.4), JT Utilities (All versions < V13.4), Parasolid V34.0 (All versions < V34.0.253), Parasolid V34.1 (All versions < V34.1.243), Parasolid V35.0 (All versions < V35.0.177), Parasolid V35.1 (All versions < V35.1.073). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. Se ha i... • https://cert-portal.siemens.com/productcert/pdf/ssa-001569.pdf • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-29053
https://notcve.org/view.php?id=CVE-2023-29053
11 Apr 2023 — A vulnerability has been identified in JT Open (All versions < V11.3.2.0), JT Utilities (All versions < V13.3.0.0). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. • https://cert-portal.siemens.com/productcert/pdf/ssa-642810.pdf • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-47977
https://notcve.org/view.php?id=CVE-2022-47977
14 Feb 2023 — A vulnerability has been identified in JT Open (All versions < V11.2.3.0), JT Utilities (All versions < V13.2.3.0). The affected application contains a memory corruption vulnerability while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. • https://cert-portal.siemens.com/productcert/pdf/ssa-836777.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-47936
https://notcve.org/view.php?id=CVE-2022-47936
14 Feb 2023 — A vulnerability has been identified in JT Open (All versions < V11.2.3.0), JT Utilities (All versions < V13.2.3.0), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170), Parasolid V35.1 (All versions < V35.1.150). The affected application contains a stack overflow vulnerability while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. • https://cert-portal.siemens.com/productcert/pdf/ssa-836777.pdf • CWE-121: Stack-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-47935 – Siemens Solid Edge Viewer JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-47935
10 Jan 2023 — A vulnerability has been identified in JT Open (All versions < V11.1.1.0), JT Utilities (All versions < V13.1.1.0), Solid Edge (All versions < V2023). The Jt1001.dll contains a memory corruption vulnerability while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19078) This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is... • https://cert-portal.siemens.com/productcert/pdf/ssa-936212.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-41851 – Siemens Simcenter Femap JT File Parsing Uninitialized Pointer Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-41851
11 Oct 2022 — A vulnerability has been identified in JTTK (All versions < V11.1.1.0), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The JTTK library is vulnerable to an uninitialized pointer reference vulnerability while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-16973) Se ha identificado una vulnerabilidad en JTTK (Todas las versiones anteriores a V11.1.1.0), Si... • https://cert-portal.siemens.com/productcert/pdf/ssa-611756.pdf • CWE-824: Access of Uninitialized Pointer •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-44449
https://notcve.org/view.php?id=CVE-2021-44449
14 Dec 2021 — A vulnerability has been identified in JT Utilities (All versions < V12.8.1.1), JTTK (All versions < V10.8.1.1). JTTK library in affected products contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14830) Se ha identificado una vulnerabilidad en JT Utilities (Todas las versiones anteriores a V12.8.1.1), JTTK (Todas las versiones anteriores a V10.8.1.1). L... • https://cert-portal.siemens.com/productcert/pdf/ssa-396621.pdf • CWE-787: Out-of-bounds Write •