Description
A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0). When parsing specially crafted JT files, a race condition could cause an object to be released before being operated on, leading to NULL pointer deference condition and causing the application to crash. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the application.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://cert-portal.siemens.com/productcert/pdf/ssa-209268.pdf
Scores
CVSS v3
5.5
EPSS
0.0005
EPSS Percentile
16.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-476
Status
published
Products (1)
siemens/jt_utilities
< 13.0.2.0
Published
Jul 13, 2021
Tracked Since
Feb 18, 2026