CVE-2023-38071
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2023-38071: Multiple versions of JT2Go, Teamcenter Visualization, and Tecnomatix Plant Simulation are vulnerable to heap-based buffer overflows when processing specially crafted WRL files. This issue could potentially be exploited by attackers to execute arbitrary code in the context of the affected application. Versions of JT2Go below V14.3.0.1, Teamcenter Visualization V13.3 below V13.3.0.12, Teamcenter Visualization V14.0, V14.1 below V14.1.0.11, V14.2 below V14.2.0.6, V14.3 below V14.3.0.1, Tecnomatix Plant Simulation V2201 below V2201.0010, and Tecnomatix Plant Simulation V2302 below V2302.0004 are affected. (ZDI-CAN-20824) This vulnerability, designated as CVE-2023-38071, exposes multiple applications to a heap-based buffer overflow risk when handling WRL files. The affected applications, which include JT2Go, Teamcenter Visualization, and Tecnomatix Plant Simulation, are vulnerable to code injection due to this issue. Versions prior to V14.3.0.1 for JT2Go, V13.3.0.12 for Teamcenter Visualization V13.3, V14.0, V14.1 below V14.1.0.11, V14.2 below V14.2.0.6, V14.3 below V14.3.0.1 for Teamcenter Visualization, V2201 below V2201.0010 for Tecnomatix Plant Simulation V2201, and V2302 below V2302.0004 for Tecnomatix Plant Simulation are all affected. The exploitation of this vulnerability could enable an attacker to execute arbitrary code in the context of the current process. (ZDI-CAN-20824) In summary, CVE-2023-38071 is a critical security issue affecting multiple versions of JT2Go, Teamcenter Visualization, and Tecnomatix Plant Simulation. These applications are vulnerable to heap-based buffer overflow attacks, allowing malicious code execution in the context of the affected process. Impacted versions include JT2Go below V14.3.0.1, Teamcenter Visualization V13.3 below V13.3.0.12, Teamcenter Visualization V14.0, V14.1 below V14.1.0.11, V14.2 below V14.2.0.6, V14.3 below V14.3.0.1, Tecnomatix Plant Simulation V2201 below V2201.0010, and Tecnomatix Plant Simulation V2302 below V2302.0004. The ZDI-CAN-20824 advisory highlights the significance of this vulnerability and the potential consequences of its exploitation. A heap-based buffer overflow vulnerability, identified as CVE-2023-38071, has been discovered in multiple versions of JT2Go, Teamcenter Visualization, and Tecnomatix Plant Simulation. This issue arises when handling WRL files, and it allows an attacker to execute arbitrary code in the context of the affected application. Versions of JT2Go below V14.3.0.1, Teamcenter Visualization V13.3 below V13.3.0.12, Teamcenter Visualization V14.0, V14.1 below V14.1.0.11, V14.2 below V14.2.0.6, V14.3 below V14.3.0.1, Tecnomatix Plant Simulation V2201 below V2201.0010, and Tecnomatix Plant Simulation V2302 below V2302.0004 are all affected. The exploitation of this vulnerability could enable an attacker to gain unauthorized access to the affected system or execute malicious code. (ZDI-CAN-20824) A heap-based buffer overflow vulnerability, CVE-2023-38071, has been identified in multiple versions of JT2Go, Teamcenter Visualization, and Tecnomatix Plant Simulation. This issue, which arises when parsing WRL files, could potentially allow an attacker to execute arbitrary code in the context of the affected application. Affected versions include JT2Go below V14.3.0.1, Teamcenter Visualization V13.3 below V13.3.0.12, Teamcenter Visualization V14.0, V14.1 below V14.1.0.11, V14.2 below V14.2.0.6, V14.3 below V14.3.0.1, Tecnomatix Plant Simulation V2201 below V2201.0010, and Tecnomatix Plant Simulation V2302 below V2302.0004. The exploitation of this vulnerability, as outlined in the ZDI-CAN-20824 advisory, could allow an attacker to gain unauthorized access, steal sensitive data, or execute malicious code on the affected system. Multiple applications, including JT2Go, Teamcenter Visualization, and Tecnomatix Plant Simulation, are vulnerable to heap-based buffer overflows when processing WRL files due to CVE-2023-38071. Affected versions encompass JT2Go below V14.3.0.1, Teamcenter Visualization V13.3 below V13.3.0.12, Teamcenter Visualization V14.0, V14.1 below V14.1.0.11, V14.2 below V14.2.0.6, V14.3 below V14.3.0.1, Tecnomatix Plant Simulation V2201 below V2201.0010, and Tecnomatix Plant Simulation V2302 below V2302.0004. The exploitation of this vulnerability, as detailed in the ZDI-CAN-20824 advisory, could enable an attacker to execute arbitrary code in the context of the affected application, potentially resulting in unauthorized access, data theft, or system compromise.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Siemens Teamcenter Visualization
- Siemens JT2GO
- Teamcenter
Affected Vendors
- Siemens AG