5.5
CVE-2023-51744
- EPSS 0.04%
- Published 09.01.2024 10:15:21
- Last modified 21.11.2024 08:38:43
- Source productcert@siemens.com
- Teams watchlist Login
- Open Login
A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions < V14.2.0.9), Teamcenter Visualization V14.3 (All versions < V14.3.0.6). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.
Data is provided by the National Vulnerability Database (NVD)
Siemens ≫ Teamcenter Visualization Version >= 13.3.0 < 13.3.0.13
Siemens ≫ Teamcenter Visualization Version >= 14.1 < 14.1.0.12
Siemens ≫ Teamcenter Visualization Version >= 14.2 < 14.2.0.9
Siemens ≫ Teamcenter Visualization Version >= 14.3 < 14.3.0.6
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.113 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
|
| productcert@siemens.com | 3.3 | 1.8 | 1.4 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
|
CWE-476 NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.