4.8
CVE-2024-37996
- EPSS 0.07%
- Published 09.07.2024 12:15:15
- Last modified 21.11.2024 09:24:40
- Source productcert@siemens.com
- Teams watchlist Login
- Open Login
A vulnerability has been identified in JT Open (All versions < V11.5), JT2Go (All versions < V2406.0003), PLM XML SDK (All versions < V7.1.0.014), Teamcenter Visualization V14.2 (All versions < V14.2.0.13), Teamcenter Visualization V14.3 (All versions < V14.3.0.11), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0003). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted XML files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VendorSiemens
≫
Product
JT Open
Default Statusunknown
Version <
V11.5
Version
0
Status
affected
VendorSiemens
≫
Product
JT2Go
Default Statusunknown
Version <
V2406.0003
Version
0
Status
affected
VendorSiemens
≫
Product
PLM XML SDK
Default Statusunknown
Version <
V7.1.0.014
Version
0
Status
affected
VendorSiemens
≫
Product
Teamcenter Visualization V14.2
Default Statusunknown
Version <
V14.2.0.13
Version
0
Status
affected
VendorSiemens
≫
Product
Teamcenter Visualization V14.3
Default Statusunknown
Version <
V14.3.0.11
Version
0
Status
affected
VendorSiemens
≫
Product
Teamcenter Visualization V2312
Default Statusunknown
Version <
V2312.0008
Version
0
Status
affected
VendorSiemens
≫
Product
Teamcenter Visualization V2406
Default Statusunknown
Version <
V2406.0003
Version
0
Status
affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.07% | 0.222 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| productcert@siemens.com | 4.8 | 0 | 0 |
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| productcert@siemens.com | 3.3 | 1.8 | 1.4 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
|
CWE-476 NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.