CVE-2024-26276

EPSS 0.08%
Published 09.04.2024 09:15:24
Last modified 03.10.2025 20:06:47
Source productcert@siemens.com
Teams watchlist Login
Open Login

A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected application contains a stack exhaustion vulnerability while parsing a specially crafted X_T file. This could allow an attacker to cause denial of service condition.

Affected products Warnungen 0 Metrics 4 CWE 1 References 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Siemens ≫ Jt2go Version < 2312.0004

Siemens ≫ Parasolid Version >= 35.1 < 35.1.254

Siemens ≫ Parasolid Version >= 36.0 < 36.0.207

Siemens ≫ Parasolid Version >= 36.1 < 36.1.147

Siemens ≫ Teamcenter Visualization Version >= 14.2 < 14.2.0.12

Siemens ≫ Teamcenter Visualization Version >= 14.3 < 14.3.0.9

Siemens ≫ Teamcenter Visualization Version >= 2312.0 < 2312.0004

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.08%	0.237

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
productcert@siemens.com	4.8	0	0	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
productcert@siemens.com	3.3	1.8	1.4	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

https://cert-portal.siemens.com/productcert/html/ssa-222019.html

Vendor Advisory

https://cert-portal.siemens.com/productcert/html/ssa-771940.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-26276

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-26276

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-26276

EUVD