CVE-2022-29033
HIGHJT2Go, Teamcenter Visualization <13.3.0.3, 14.0.0.1 - RCE
Title source: llmDescription
A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll library is vulnerable to uninitialized pointer free while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf
Scores
CVSS v3
7.8
EPSS
0.0073
EPSS Percentile
49.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-824
Status
published
Products (2)
siemens/jt2go
< 13.3.0.3
siemens/teamcenter_visualization
13.3 - 13.3.0.3
Published
May 20, 2022
Tracked Since
Feb 18, 2026