CVE-2022-24290

Published: May 20, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9), Teamcenter V13.1 (All versions), Teamcenter V13.2 (All versions < V13.2.0.8), Teamcenter V13.3 (All versions < V13.3.0.3), Teamcenter V14.0 (All versions < V14.0.0.2). The tcserver.exe binary in affected applications is vulnerable to a stack overflow condition during the parsing of user input that may lead the binary to crash.

Affected (6)

Products: Siemens: Teamcenter

Siemens

1 product

Teamcenter

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Siemens Teamcenter	From 12.4 to 12.4.0.13
Siemens Teamcenter	From 13.0 to 13.0.0.9
Siemens Teamcenter	From 13.1 to 13.1.0.9
Siemens Teamcenter	From 13.2 to 13.2.0.8
Siemens Teamcenter	From 13.3 to 13.3.0.3
Siemens Teamcenter	Version 14.0

Related CWEs

CWE-121

Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://cert-portal.siemens.com/productcert/pdf/ssa-789162.pdf

Source: productcert@siemens.com

MitigationPatchVendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-789162.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationPatchVendor Advisory

Timeline

No history available yet.