Products
JT2Go
- < V2312.0001
Teamcenter Visualization V14.1
- < V14.1.0.13
Teamcenter Visualization V14.2
- < V14.2.0.10
Teamcenter Visualization V14.3
- < V14.3.0.7
Teamcenter Visualization V2312
- < V2312.0001
Source
productcert@siemens.com
Tags
CVE-2024-34085 details
Last Modified : May 14, 2024, 7:17 p.m.
Description
A vulnerability has been identified in JT2Go (All versions < V2312.0001), Teamcenter Visualization V14.1 (All versions < V14.1.0.13), Teamcenter Visualization V14.2 (All versions < V14.2.0.10), Teamcenter Visualization V14.3 (All versions < V14.3.0.7), Teamcenter Visualization V2312 (All versions < V2312.0001). The affected applications contain a stack overflow vulnerability while parsing specially crafted XML files. This could allow an attacker to execute code in the context of the current process.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7.8 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|
CVSS Data
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
7.8
Exploitability Score
Impact Score
Base Severity
HIGH
Vector String : CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References
| URL | Source |
|---|---|
| https://cert-portal.siemens.com/productcert/html/ssa-661579.html | productcert@siemens.com |