Teamcenter Visualization Siemens Teamcenter Visualization

  1. Vendors
  2. Siemens
  3. Teamcenter Visualization
Do you want an email whenever new security vulnerabilities are reported in Siemens Teamcenter Visualization?

By the Year

In 2023 there have been 3 vulnerabilities in Siemens Teamcenter Visualization with an average score of 7.8 out of ten. Last year Teamcenter Visualization had 29 security vulnerabilities published. Right now, Teamcenter Visualization is on track to have less security vulnerabilities in 2023 than it did last year. However, the average CVE base score of the vulnerabilities in 2023 is greater by 1.26.

Year Vulnerabilities Average Score
2023 3 7.80
2022 29 6.54
2021 90 7.13
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Teamcenter Visualization vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Siemens Teamcenter Visualization Security Vulnerabilities

The APDFL.dll contains a memory corruption vulnerability while parsing specially crafted PDF files

CVE-2022-3161 7.8 - High - January 13, 2023

The APDFL.dll contains a memory corruption vulnerability while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.

Memory Corruption

The APDFL.dll contains an out-of-bounds write past the fixed-length heap-based buffer while parsing specially crafted PDF files

CVE-2022-3160 7.8 - High - January 13, 2023

The APDFL.dll contains an out-of-bounds write past the fixed-length heap-based buffer while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.

Memory Corruption

The APDFL.dll contains a stack-based buffer overflow vulnerability that could be triggered while parsing specially crafted PDF files

CVE-2022-3159 7.8 - High - January 13, 2023

The APDFL.dll contains a stack-based buffer overflow vulnerability that could be triggered while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.

Memory Corruption

A vulnerability has been identified in JT2Go (All versions)

CVE-2022-41288 3.3 - Low - December 13, 2022

A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains stack exhaustion vulnerability when parsing a CGM file. An attacker could leverage this vulnerability to crash the application causing denial of service condition.

Allocation of Resources Without Limits or Throttling

A vulnerability has been identified in JT2Go (All versions)

CVE-2022-41287 3.3 - Low - December 13, 2022

A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains divide by zero vulnerability when parsing a CGM file. An attacker could leverage this vulnerability to crash the application causing denial of service condition.

Divide By Zero

A vulnerability has been identified in JT2Go (All versions)

CVE-2022-41286 7.8 - High - December 13, 2022

A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds write vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.

Out-of-bounds Read

A vulnerability has been identified in JT2Go (All versions)

CVE-2022-41285 7.8 - High - December 13, 2022

A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains a use-after-free vulnerability that could be triggered while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process.

Dangling pointer

A vulnerability has been identified in JT2Go (All versions)

CVE-2022-41284 7.8 - High - December 13, 2022

A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.

Out-of-bounds Read

A vulnerability has been identified in JT2Go (All versions)

CVE-2022-41283 7.8 - High - December 13, 2022

A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds write vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.

Memory Corruption

A vulnerability has been identified in JT2Go (All versions)

CVE-2022-41282 7.8 - High - December 13, 2022

A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.

Out-of-bounds Read

A vulnerability has been identified in JT2Go (All versions)

CVE-2022-41281 7.8 - High - December 13, 2022

A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.

Out-of-bounds Read

A vulnerability has been identified in JT2Go (All versions)

CVE-2022-41280 3.3 - Low - December 13, 2022

A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.

NULL Pointer Dereference

A vulnerability has been identified in JT2Go (All versions)

CVE-2022-41279 3.3 - Low - December 13, 2022

A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.

NULL Pointer Dereference

A vulnerability has been identified in JT2Go (All versions)

CVE-2022-41278 3.3 - Low - December 13, 2022

A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.

NULL Pointer Dereference

A vulnerability has been identified in JT2Go (All versions)

CVE-2022-45484 3.3 - Low - December 13, 2022

A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.9), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.5), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CCITT_G4Decode.dll contains an out of bounds read vulnerability when parsing a RAS file. An attacker can leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19056)

Out-of-bounds Read

A vulnerability has been identified in JT2Go (All versions < V14.1.0.4)

CVE-2022-41664 7.8 - High - November 08, 2022

A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected application contains a stack-based buffer overflow vulnerability that could be triggered while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.

Memory Corruption

A vulnerability has been identified in JT2Go (All versions < V14.1.0.4)

CVE-2022-41663 7.8 - High - November 08, 2022

A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected applications contain a use-after-free vulnerability that could be triggered while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process.

Dangling pointer

A vulnerability has been identified in JT2Go (All versions < V14.1.0.4)

CVE-2022-41662 7.8 - High - November 08, 2022

A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected products contain an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.

Out-of-bounds Read

A vulnerability has been identified in JT2Go (All versions < V14.1.0.4)

CVE-2022-41661 7.8 - High - November 08, 2022

A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected products contain an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.

Out-of-bounds Read

A vulnerability has been identified in JT2Go (All versions < V14.1.0.4)

CVE-2022-41660 7.8 - High - November 08, 2022

A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected products contain an out of bounds write vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.

Memory Corruption

A vulnerability has been identified in JT2Go (All versions < V14.1.0.4)

CVE-2022-39136 7.8 - High - November 08, 2022

A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V13.3 (All versions >= V13.3.0.7 < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected application is vulnerable to fixed-length heap-based buffer while parsing specially crafted TIF files. An attacker could leverage this vulnerability to execute code in the context of the current process.

Memory Corruption

The APDFL.dll in Siemens JT2Go prior to V13.3.0.5 and Siemens Teamcenter Visualization prior to V14.0.0.2 contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted PDF files

CVE-2022-2069 7.8 - High - October 20, 2022

The APDFL.dll in Siemens JT2Go prior to V13.3.0.5 and Siemens Teamcenter Visualization prior to V14.0.0.2 contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.

Memory Corruption

A vulnerability has been identified in JT2Go (All versions < V13.3.0.3)

CVE-2022-29028 5.5 - Medium - May 20, 2022

A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The Tiff_Loader.dll is vulnerable to infinite loop condition while parsing specially crafted TIFF files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.

Infinite Loop

A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13)

CVE-2022-24290 7.5 - High - May 20, 2022

A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9), Teamcenter V13.1 (All versions), Teamcenter V13.2 (All versions < V13.2.0.8), Teamcenter V13.3 (All versions < V13.3.0.3), Teamcenter V14.0 (All versions < V14.0.0.2). The tcserver.exe binary in affected applications is vulnerable to a stack overflow condition during the parsing of user input that may lead the binary to crash.

Stack Overflow

A vulnerability has been identified in JT2Go (All versions < V13.3.0.3)

CVE-2022-29033 7.8 - High - May 20, 2022

A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll library is vulnerable to uninitialized pointer free while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process.

Access of Uninitialized Pointer

A vulnerability has been identified in JT2Go (All versions < V13.3.0.3)

CVE-2022-29032 7.8 - High - May 20, 2022

A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll library contains a double free vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process.

Double-free

A vulnerability has been identified in JT2Go (All versions < V13.3.0.3)

CVE-2022-29031 5.5 - Medium - May 20, 2022

A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.

NULL Pointer Dereference

A vulnerability has been identified in JT2Go (All versions < V13.3.0.3)

CVE-2022-29030 5.5 - Medium - May 20, 2022

A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The Mono_Loader.dll library is vulnerable to integer overflow condition while parsing specially crafted TG4 files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.

Integer Overflow or Wraparound

A vulnerability has been identified in JT2Go (All versions < V13.3.0.3)

CVE-2022-29029 5.5 - Medium - May 20, 2022

A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.

NULL Pointer Dereference

A vulnerability has been identified in JT2Go (All versions < V13.2.0.7)

CVE-2021-44000 7.8 - High - February 09, 2022

A vulnerability has been identified in JT2Go (All versions < V13.2.0.7), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V13.1 (All versions < V13.1.0.9), Teamcenter Visualization V13.2 (All versions < V13.2.0.7), Teamcenter Visualization V13.3 (All versions < V13.3.0.1). The plmxmlAdapterSE70.dll contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15053)

Memory Corruption

A vulnerability has been identified in JT2Go (All versions < V13.2.0.7)

CVE-2021-44018 7.8 - High - February 09, 2022

A vulnerability has been identified in JT2Go (All versions < V13.2.0.7), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V13.1 (All versions < V13.1.0.9), Teamcenter Visualization V13.2 (All versions < V13.2.0.7), Teamcenter Visualization V13.3 (All versions < V13.3.0.1). The plmxmlAdapterSE70.dll library is vulnerable to memory corruption condition while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15112)

Buffer Overflow

A vulnerability has been identified in JT2Go (All versions < V13.2.0.7)

CVE-2021-44016 7.8 - High - February 09, 2022

A vulnerability has been identified in JT2Go (All versions < V13.2.0.7), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V13.1 (All versions < V13.1.0.9), Teamcenter Visualization V13.2 (All versions < V13.2.0.7), Teamcenter Visualization V13.3 (All versions < V13.3.0.1). The plmxmlAdapterSE70.dll library is vulnerable to memory corruption condition while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15110)

Buffer Overflow

A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5)

CVE-2021-44010 5.5 - Medium - December 14, 2021

A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing TIFF files. An attacker could leverage this vulnerability to leak information in the context of the current process.

Out-of-bounds Read

A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5)

CVE-2021-44009 5.5 - Medium - December 14, 2021

A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing TIFF files. An attacker could leverage this vulnerability to leak information in the context of the current process.

Out-of-bounds Read

A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5)

CVE-2021-44008 5.5 - Medium - December 14, 2021

A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing TIFF files. An attacker could leverage this vulnerability to leak information in the context of the current process.

Out-of-bounds Read

A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5)

CVE-2021-44007 5.5 - Medium - December 14, 2021

A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll contains an off-by-one error in the heap while parsing specially crafted TIFF files. This could allow an attacker to cause a denial-of-service condition.

off-by-five

A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5)

CVE-2021-44006 7.8 - High - December 14, 2021

A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted TIFF files. This could allow an attacker to execute code in the context of the current process.

Memory Corruption

A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5)

CVE-2021-44005 7.8 - High - December 14, 2021

A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted TIFF files. This could allow an attacker to execute code in the context of the current process.

Memory Corruption

A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5)

CVE-2021-44004 5.5 - Medium - December 14, 2021

A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing TIFF files. An attacker could leverage this vulnerability to leak information in the context of the current process.

Out-of-bounds Read

A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5)

CVE-2021-44003 5.5 - Medium - December 14, 2021

A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll is vulnerable to use of uninitialized memory while parsing user supplied TIFF files. This could allow an attacker to cause a denial-of-service condition.

Use of Uninitialized Resource

A vulnerability has been identified in JT Open (All versions < V11.1.1.0)

CVE-2021-44002 7.8 - High - December 14, 2021

A vulnerability has been identified in JT Open (All versions < V11.1.1.0), JT Utilities (All versions < V13.1.1.0), Solid Edge (All versions < V2023). The Jt1001.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15058, ZDI-CAN-19076, ZDI-CAN-19077)

Memory Corruption

A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5)

CVE-2021-44001 7.8 - High - December 14, 2021

A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The DL180pdfl.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14974)

Memory Corruption

A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5)

CVE-2021-44017 5.5 - Medium - December 14, 2021

A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Image.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted TIF files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15111)

Out-of-bounds Read

A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5)

CVE-2021-44015 5.5 - Medium - December 14, 2021

A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The VCRUNTIME140.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted CGM files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15109)

Out-of-bounds Read

A vulnerability has been identified in JT Open (All versions < V11.1.1.0)

CVE-2021-44014 7.8 - High - December 14, 2021

A vulnerability has been identified in JT Open (All versions < V11.1.1.0), JT Utilities (All versions < V13.1.1.0), Solid Edge (All versions < V2023). The Jt1001.dll contains a use-after-free vulnerability that could be triggered while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15057, ZDI-CAN-19081)

Dangling pointer

A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5)

CVE-2021-44013 7.8 - High - December 14, 2021

A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The DL180pdfl.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15103)

Memory Corruption

A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5)

CVE-2021-44012 5.5 - Medium - December 14, 2021

A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Jt1001.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15102)

Out-of-bounds Read

A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5)

CVE-2021-44011 5.5 - Medium - December 14, 2021

A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Jt1001.dll is vulnerable to an out of bounds read past the end of an allocated buffer while parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15101)

Out-of-bounds Read

An Out-of-Bounds Write vulnerability exists when reading a DXF or DWG file using Open Design Alliance Drawings SDK before 2022.11

CVE-2021-43336 7.8 - High - November 14, 2021

An Out-of-Bounds Write vulnerability exists when reading a DXF or DWG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF and DWG files. Crafted data in a DXF or DWG file (an invalid number of properties) can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.

Memory Corruption

A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8)

CVE-2021-40356 7.5 - High - September 14, 2021

A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All versions < 13.2.0.2). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem.

XXE

A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8)

CVE-2021-40355 8.8 - High - September 14, 2021

A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All versions < 13.2.0.2). The affected application contains Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to use user-supplied input to access objects directly.

Insecure Direct Object Reference / IDOR

A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8)

CVE-2021-40354 7.1 - High - September 14, 2021

A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All versions < 13.2.0.2). The "surrogate" functionality on the user profile of the application does not perform sufficient access control that could lead to an account takeover. Any profile on the application can perform this attack and access any other user assigned tasks via the "inbox/surrogate tasks".

Improper Privilege Management

A vulnerability has been identified in JT2Go (All versions < V13.2.0.2), Teamcenter Visualization (All versions < V13.2.0.2)

CVE-2021-33738 3.3 - Low - August 10, 2021

A vulnerability has been identified in JT2Go (All versions < V13.2.0.2), Teamcenter Visualization (All versions < V13.2.0.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13405)

Out-of-bounds Read

A vulnerability has been identified in JT2Go (All versions < V13.2.0.1), Teamcenter Visualization (All versions < V13.2.0.1)

CVE-2021-33717 5.5 - Medium - August 10, 2021

A vulnerability has been identified in JT2Go (All versions < V13.2.0.1), Teamcenter Visualization (All versions < V13.2.0.1). When parsing specially crafted CGM Files, a NULL pointer deference condition could cause the application to crash. The application must be restarted to restore the service. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the application.

NULL Pointer Dereference

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2)

CVE-2021-34325 5.5 - Medium - July 13, 2021

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13421)

Out-of-bounds Read

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2)

CVE-2021-34324 7.8 - High - July 13, 2021

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data prior to performing further free operations on an object when parsing JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13420)

Dangling pointer

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2)

CVE-2021-34323 7.8 - High - July 13, 2021

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13419)

Memory Corruption

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2)

CVE-2021-34322 5.5 - Medium - July 13, 2021

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The JPEG2K_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing J2K files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13416)

Improper Input Validation

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2)

CVE-2021-34321 5.5 - Medium - July 13, 2021

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The VisDraw.dll library in affected applications lacks proper validation of user-supplied data when parsing J2K files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13414)

Out-of-bounds Read

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2)

CVE-2021-34320 5.5 - Medium - July 13, 2021

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13406)

Out-of-bounds Read

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2)

CVE-2021-34319 7.8 - High - July 13, 2021

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing SGI files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13404)

Memory Corruption

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2)

CVE-2021-34318 7.8 - High - July 13, 2021

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing PCT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13403)

Memory Corruption

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2)

CVE-2021-34317 7.8 - High - July 13, 2021

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing PCX files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13402)

Memory Corruption

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2)

CVE-2021-34316 7.8 - High - July 13, 2021

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The DL180CoolType.dll library in affected applications lacks proper validation of user-supplied data when parsing PDF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13380)

Memory Corruption

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2)

CVE-2021-34315 7.8 - High - July 13, 2021

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing SGI files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13356)

Out-of-bounds Read

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2)

CVE-2021-34314 7.8 - High - July 13, 2021

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing SGI files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13355)

Memory Corruption

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2)

CVE-2021-34313 7.8 - High - July 13, 2021

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13354)

Memory Corruption

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2)

CVE-2021-34312 7.8 - High - July 13, 2021

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13353)

Memory Corruption

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2)

CVE-2021-34311 7.8 - High - July 13, 2021

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Mono_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing J2K files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13352)

Memory Corruption

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2)

CVE-2021-34310 7.8 - High - July 13, 2021

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13351)

Memory Corruption

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2)

CVE-2021-34309 7.8 - High - July 13, 2021

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13350)

Memory Corruption

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2)

CVE-2021-34308 5.5 - Medium - July 13, 2021

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13344)

Out-of-bounds Read

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2)

CVE-2021-34307 5.5 - Medium - July 13, 2021

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13343)

Out-of-bounds Read

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2)

CVE-2021-34306 7.8 - High - July 13, 2021

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. This could result in a memory corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13342)

Memory Corruption

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2)

CVE-2021-34305 7.8 - High - July 13, 2021

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Gif_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing GIF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13340)

Memory Corruption

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2)

CVE-2021-34304 5.5 - Medium - July 13, 2021

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13199)

Out-of-bounds Read

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2)

CVE-2021-34303 5.5 - Medium - July 13, 2021

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13198)

Out-of-bounds Read

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2)

CVE-2021-34302 5.5 - Medium - July 13, 2021

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13197)

Out-of-bounds Read

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2)

CVE-2021-34301 7.8 - High - July 13, 2021

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data prior to performing further free operations on an object when parsing BMP files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13196)

Dangling pointer

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2)

CVE-2021-34300 7.8 - High - July 13, 2021

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13194)

Memory Corruption

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2)

CVE-2021-34299 5.5 - Medium - July 13, 2021

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13192)

Out-of-bounds Read

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2)

CVE-2021-34298 7.8 - High - July 13, 2021

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data prior to performing further free operations on an object when parsing BMP files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13060)

Dangling pointer

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2)

CVE-2021-34297 7.8 - High - July 13, 2021

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13059)

Memory Corruption

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2)

CVE-2021-34296 7.8 - High - July 13, 2021

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13057)

Out-of-bounds Read

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2)

CVE-2021-34295 7.8 - High - July 13, 2021

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Gif_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing GIF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13024)

Improper Input Validation

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2)

CVE-2021-34294 7.8 - High - July 13, 2021

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Gif_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing GIF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13023

Out-of-bounds Read

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2)

CVE-2021-34293 7.8 - High - July 13, 2021

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Gif_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing GIF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13020)

Memory Corruption

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2)

CVE-2021-34292 7.8 - High - July 13, 2021

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12959)

Out-of-bounds Read

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2)

CVE-2021-34291 7.8 - High - July 13, 2021

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Gif_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing GIF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12956)

Memory Corruption

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2)

CVE-2021-34333 5.5 - Medium - July 13, 2021

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. A malformed input file could result in double free of an allocated buffer that leads to a crash. An attacker could leverage this vulnerability to cause denial of service condition. (CNVD-C-2021-79295)

Double-free

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2)

CVE-2021-34332 5.5 - Medium - July 13, 2021

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. A malformed input file could result in an infinite loop condition that leads to denial of service condition. An attacker could leverage this vulnerability to consume excessive resources. (CNVD-C-2021-79300)

Infinite Loop

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2)

CVE-2021-34331 7.8 - High - July 13, 2021

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13442)

Memory Corruption

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2)

CVE-2021-34330 7.8 - High - July 13, 2021

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data prior to performing further free operations on an object when parsing JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13430)

Dangling pointer

A vulnerability has been identified in JT2Go (All versions < V13.2)

CVE-2021-34329 7.8 - High - July 13, 2021

A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13427)

Memory Corruption

A vulnerability has been identified in JT2Go (All versions < V13.2)

CVE-2021-34328 7.8 - High - July 13, 2021

A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13424)

Memory Corruption

A vulnerability has been identified in JT2Go (All versions < V13.2)

CVE-2021-34327 7.8 - High - July 13, 2021

A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing ASM files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13423)

Memory Corruption

A vulnerability has been identified in JT2Go (All versions < V13.2)

CVE-2021-34326 7.8 - High - July 13, 2021

A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13422)

Memory Corruption

An out-of-bounds write issue exists in the DGN file-reading procedure in the Drawings SDK (Version 2022.4 and prior) resulting

CVE-2021-32952 7.8 - High - June 17, 2021

An out-of-bounds write issue exists in the DGN file-reading procedure in the Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or execute code in the context of the current process.

Memory Corruption

An out-of-bounds read issue exists within the parsing of DXF files in the Drawings SDK (All versions prior to 2022.4) resulting

CVE-2021-32950 7.1 - High - June 17, 2021

An out-of-bounds read issue exists within the parsing of DXF files in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allows attackers to cause a denial-of-service condition or read sensitive information from memory locations.

Out-of-bounds Read

An out-of-bounds write issue exists in the DWG file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting

CVE-2021-32948 7.8 - High - June 17, 2021

An out-of-bounds write issue exists in the DWG file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or execute code in the context of the current process.

Memory Corruption

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Siemens Comos or by Siemens? Click the Watch button to subscribe.

Siemens
Vendor

Siemens Teamcenter Visualization
Product

subscribe