CVE-2023-38073

Published: Sep 12, 2023Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: productcert@siemens.com (Secondary)

Description

A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application contains a type confusion vulnerability while parsing WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20826)

Affected (7)

Products: Siemens: Jt2go, Teamcenter Visualization, Tecnomatix Plant Simulation

Siemens

3 products

Jt2go

Teamcenter Visualization

Tecnomatix Plant Simulation

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Siemens Jt2go	Before 14.3.0.1
Siemens Teamcenter Visualization	From 13.3.0 to 13.4.0.12
Siemens Teamcenter Visualization	From 14.0 to 14.1.0.11
Siemens Teamcenter Visualization	From 14.2 to 14.2.0.6
Siemens Teamcenter Visualization	From 14.3 to 14.3.0.1
Siemens Tecnomatix Plant Simulation	From 2201.0 to 2201.0010
Siemens Tecnomatix Plant Simulation	From 2302.0 to 2302.0004