CVE-2022-41288 - Vulnerability Details - OpenCVE

A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains stack exhaustion vulnerability when parsing a CGM file. An attacker could leverage this vulnerability to crash the application causing denial of service condition.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Siemens	Jt2go Teamcenter Visualization

Configuration 1 [-]

OR	cpe:2.3:a:siemens:jt2go:-:::::::*
	cpe:2.3:a:siemens:teamcenter_visualization::::::::
	cpe:2.3:a:siemens:teamcenter_visualization::::::::
	cpe:2.3:a:siemens:teamcenter_visualization::::::::
	cpe:2.3:a:siemens:teamcenter_visualization::::::::

No data.

References

Link	Providers
https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf

History

Mon, 21 Apr 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2022-12-13T00:00:00.000Z

Updated: 2025-04-21T13:44:05.544Z

Reserved: 2022-09-21T00:00:00.000Z

Link: CVE-2022-41288

Vulnrichment

Updated: 2024-08-03T12:42:46.202Z

NVD

Status : Modified

Published: 2022-12-13T16:15:23.133

Modified: 2024-11-21T07:22:59.223

Link: CVE-2022-41288

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-41288", "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "dateUpdated": "2025-04-21T13:44:05.544Z", "dateReserved": "2022-09-21T00:00:00.000Z", "datePublished": "2022-12-13T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens", "dateUpdated": "2023-04-11T09:02:48.369Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains stack exhaustion vulnerability when parsing a CGM file. An attacker could leverage this vulnerability to crash the application causing denial of service condition."}], "affected": [{"vendor": "Siemens", "product": "JT2Go", "versions": [{"version": "All versions < V14.1.0.6", "status": "affected"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "Teamcenter Visualization V13.2", "versions": [{"version": "All versions < V13.2.0.12", "status": "affected"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "Teamcenter Visualization V13.3", "versions": [{"version": "All versions < V13.3.0.8", "status": "affected"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "Teamcenter Visualization V14.0", "versions": [{"version": "All versions < V14.0.0.4", "status": "affected"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "Teamcenter Visualization V14.1", "versions": [{"version": "All versions < V14.1.0.6", "status": "affected"}], "defaultStatus": "unknown"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "baseScore": 3.3, "baseSeverity": "LOW"}}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "type": "CWE"}]}], "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:42:46.202Z"}, "title": "CVE Program Container", "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-18T15:14:58.459752Z", "id": "CVE-2022-41288", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-21T13:44:05.544Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:42:46.202Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-41288", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-18T15:14:58.459752Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-18T15:15:00.670Z"}}], "cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"}}], "affected": [{"vendor": "Siemens", "product": "JT2Go", "versions": [{"status": "affected", "version": "All versions < V14.1.0.6"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "Teamcenter Visualization V13.2", "versions": [{"status": "affected", "version": "All versions < V13.2.0.12"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "Teamcenter Visualization V13.3", "versions": [{"status": "affected", "version": "All versions < V13.3.0.8"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "Teamcenter Visualization V14.0", "versions": [{"status": "affected", "version": "All versions < V14.0.0.4"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "Teamcenter Visualization V14.1", "versions": [{"status": "affected", "version": "All versions < V14.1.0.6"}], "defaultStatus": "unknown"}], "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf"}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains stack exhaustion vulnerability when parsing a CGM file. An attacker could leverage this vulnerability to crash the application causing denial of service condition."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling"}]}], "providerMetadata": {"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens", "dateUpdated": "2023-04-11T09:02:48.369Z"}}}, "cveMetadata": {"cveId": "CVE-2022-41288", "state": "PUBLISHED", "dateUpdated": "2025-04-21T13:44:05.544Z", "dateReserved": "2022-09-21T00:00:00.000Z", "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "datePublished": "2022-12-13T00:00:00.000Z", "assignerShortName": "siemens"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:jt2go:-:*:*:*:*:*:*:*", "matchCriteriaId": "A264819D-B571-4E10-98CE-7D1E2C04D312", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CB3887E-4564-4715-B27F-5BE6757EE960", "versionEndExcluding": "13.2.0.12", "versionStartIncluding": "13.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "matchCriteriaId": "DF82E5C7-68B6-456B-9658-CCF1FB1DC4D9", "versionEndExcluding": "13.3.0.8", "versionStartIncluding": "13.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "matchCriteriaId": "B0296066-2DC4-407F-9AA9-49BE916988C8", "versionEndExcluding": "14.0.0.4", "versionStartIncluding": "14.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "matchCriteriaId": "D8922308-85AE-4EAE-BF4A-7CE54201713B", "versionEndExcluding": "14.1.0.6", "versionStartIncluding": "14.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains stack exhaustion vulnerability when parsing a CGM file. An attacker could leverage this vulnerability to crash the application causing denial of service condition."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en:\nJT2Go (Todas las versiones < V14.1.0.6), \nTeamcenter Visualization V13.2 (Todas las versiones < V13.2.0.12), \nTeamcenter Visualization V13.3 (Todas las versiones < V13.3.0. 8),\nTeamcenter Visualization V14.0 (todas las versiones < V14.0.0.4), \nTeamcenter Visualization V14.1 (todas las versiones < V14.1.0.6). \nCGM_NIST_Loader.dll contiene una vulnerabilidad de agotamiento de pila al analizar un archivo CGM. Un atacante podr\u00eda aprovechar esta vulnerabilidad para bloquear la aplicaci\u00f3n y provocar una condici\u00f3n de Denegaci\u00f3n de Servicio (DoS)."}], "id": "CVE-2022-41288", "lastModified": "2024-11-21T07:22:59.223", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "productcert@siemens.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Secondary"}]}, "published": "2022-12-13T16:15:23.133", "references": [{"source": "productcert@siemens.com", "tags": ["Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "productcert@siemens.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-770"}], "source": "nvd@nist.gov", "type": "Secondary"}]}