CVE-2022-2069

Summary

The APDFL.dll in Siemens JT2Go prior to V13.3.0.5 and Siemens Teamcenter Visualization prior to V14.0.0.2 contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.

Affected Software

VendorProductVersion RangeStatus
SiemensJT2Gounspecified < V13.3.0.5affected
SiemensTeamcenter Visualization V13.3unspecified < V13.3.0.5affected
SiemensTeamcenter Visualization V14.0unspecified < V14.0.0.2affected

Weaknesses

  • CWE-122: CWE-122: Heap-based Buffer Overflow

Workarounds

Avoid opening untrusted files in JT2Go and Teamcenter Visualization

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ and to follow the recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on Siemens’ Industrial Security webpage.

For more information see Siemens Security Advisory SSA-829738

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References