CVE-2022-29033

HIGH

JT2Go, Teamcenter Visualization <13.3.0.3, 14.0.0.1 - RCE

Title source: llm

Description

A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll library is vulnerable to uninitialized pointer free while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process.

References (1)

[Patch, Vendor Advisory] https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf

Scores

CVSS v3 7.8

EPSS 0.0037

EPSS Percentile 58.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-824

Status published

Products (2)

siemens/jt2go < 13.3.0.3

siemens/teamcenter_visualization 13.3 - 13.3.0.3

Published May 20, 2022

Tracked Since Feb 18, 2026