CVE-2024-26276

Published Apr 9, 2024

Last updated 5 months ago

CVSS medium 4.8

Overview

Description: A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected application contains a stack exhaustion vulnerability while parsing a specially crafted X_T file. This could allow an attacker to cause denial of service condition.
Source: productcert@siemens.com
NVD status: Analyzed
Products: jt2go, parasolid, teamcenter_visualization

Risk scores

CVSS 4.0

Type: Secondary
Base score: 4.8
Impact score: -
Exploitability score: -
Vector string: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity: MEDIUM

CVSS 3.1

Type: Primary
Base score: 5.5
Impact score: 3.6
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Severity: MEDIUM

Weaknesses

productcert@siemens.com: CWE-770

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "D866F4F7-D2B7-499F-9A9F-CB5D9A40B52A",
            "versionEndExcluding": "2312.0004",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:siemens:parasolid:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "2C5B8DD7-F87C-4EAD-AF0E-6125A5017988",
            "versionEndExcluding": "35.1.254",
            "versionStartIncluding": "35.1",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:siemens:parasolid:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "53F83A10-6FA3-477E-BE18-34AA39FB996D",
            "versionEndExcluding": "36.0.207",
            "versionStartIncluding": "36.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:siemens:parasolid:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "B1E2DE94-EC81-4DDF-A545-31B1AAB3FC03",
            "versionEndExcluding": "36.1.147",
            "versionStartIncluding": "36.1",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "0973D930-AC79-48B1-A4A6-25F7734B5822",
            "versionEndExcluding": "14.2.0.12",
            "versionStartIncluding": "14.2",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "47FA9CED-27B4-4AF6-83B4-054E1FABC888",
            "versionEndExcluding": "14.3.0.9",
            "versionStartIncluding": "14.3",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "064B1ABE-247D-410F-A4E7-C428753DF69F",
            "versionEndExcluding": "2312.0004",
            "versionStartIncluding": "2312.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 4.0

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References