CVE-2023-38072

A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20825)

Published: Sep 12, 2023
Updated: Nov 15, 2023
CVE: CVE-2023-38072
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
siemens / teamcenter_visualization	14.2	14.2.0.6
siemens / teamcenter_visualization	14.3	14.3.0.1
siemens / teamcenter_visualization	14.0	14.1.0.11
siemens / jt2go	-	14.3.0.1
siemens / teamcenter_visualization	13.3.0	13.4.0.12
siemens / tecnomatix_plant_simulation	2201.0	2201.0010
siemens / tecnomatix_plant_simulation	2302.0	2302.0004

Vulnerability Database

289,697

CVE-2023-38072