A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected applications contain a use-after-free vulnerability that could be triggered while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process.

The version of Siemens JT2Go installed on the remote Windows hosts is prior to 14.1.0.4. It is, therefore, affected by multiple file parsing vulnerabilities that could be triggered when the application reads malicious TIF, CGM or PDF files. If a user is tricked to open a malicious TIF, CGM or PDF file this could lead the application to crash or potentially lead to arbitrary code execution.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Detections

Analytics

CVE-2022-41663

high

Tenable Plugins

high