CVE-2024-37996

Summary

A vulnerability has been identified in JT Open (All versions < V11.5), JT2Go (All versions < V2406.0003), PLM XML SDK (All versions < V7.1.0.014), Teamcenter Visualization V14.2 (All versions < V14.2.0.13), Teamcenter Visualization V14.3 (All versions < V14.3.0.11), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0003). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted XML files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.

Affected Software

VendorProductVersion RangeStatus
SiemensJT Open0 < V11.5affected
SiemensJT2Go0 < V2406.0003affected
SiemensPLM XML SDK0 < V7.1.0.014affected
SiemensTeamcenter Visualization V14.20 < V14.2.0.13affected
SiemensTeamcenter Visualization V14.30 < V14.3.0.11affected
SiemensTeamcenter Visualization V23120 < V2312.0008affected
SiemensTeamcenter Visualization V24060 < V2406.0003affected

Weaknesses

  • CWE-476: CWE-476: NULL Pointer Dereference

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References