CVE-2023-7066

Summary

The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.

Affected Software

VendorProductVersion RangeStatus
SiemensJT2Go0 < V14.3.0.8affected
SiemensTeamcenter Visualization0 < V14.1.0.14affected
SiemensTeamcenter Visualization0 < V14.2.0.10affected
SiemensTeamcenter Visualization0 < V14.3.0.8affected
SiemensTeamcenter Visualization0 < V2312.0002affected

Weaknesses

  • CWE-125: CWE-125

Workarounds

To reduce risk, Siemens recommends users not open untrusted PDF files in affected applications.

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security https://www.siemens.com/cert/operational-guidelines-industrial-security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage https://www.siemens.com/industrialsecurity

For more information see the associated Siemens security advisory SSA-722010

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References