Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-34306

Summary
Assigner-siemens
Assigner Org ID-cec7a2ec-15b4-4faf-bd53-b40f371f3a77
Published At-13 Jul, 2021 | 11:03
Updated At-04 Aug, 2024 | 00:05
Rejected At-
Credits

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. This could result in a memory corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13342)

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:siemens
Assigner Org ID:cec7a2ec-15b4-4faf-bd53-b40f371f3a77
Published At:13 Jul, 2021 | 11:03
Updated At:04 Aug, 2024 | 00:05
Rejected At:
▼CVE Numbering Authority (CNA)

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. This could result in a memory corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13342)

Affected Products
Vendor
Siemens AGSiemens
Product
JT2Go
Versions
Affected
  • All versions < V13.2
Vendor
Siemens AGSiemens
Product
Teamcenter Visualization
Versions
Affected
  • All versions < V13.2
Problem Types
TypeCWE IDDescription
CWECWE-119CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
Type: CWE
CWE ID: CWE-119
Description: CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf
x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-21-835/
x_refsource_MISC
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf
Resource:
x_refsource_MISC
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-21-835/
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf
x_refsource_MISC
x_transferred
https://www.zerodayinitiative.com/advisories/ZDI-21-835/
x_refsource_MISC
x_transferred
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-21-835/
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:productcert@siemens.com
Published At:13 Jul, 2021 | 11:15
Updated At:07 Oct, 2022 | 20:47

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. This could result in a memory corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13342)

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
Siemens AG
siemens
>>jt2go>>Versions before 13.2.0(exclusive)
cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>teamcenter_visualization>>Versions before 13.2.0(exclusive)
cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Primarynvd@nist.gov
CWE-119Secondaryproductcert@siemens.com
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-119
Type: Secondary
Source: productcert@siemens.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdfproductcert@siemens.com
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-835/productcert@siemens.com
Third Party Advisory
VDB Entry
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf
Source: productcert@siemens.com
Resource:
Vendor Advisory
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-21-835/
Source: productcert@siemens.com
Resource:
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

5935Records found
CVE-2021-27387
Matching Score-10
Assigner-Siemens
ShareView Details
Matching Score-10
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.40% / 60.16%
||
7 Day CHG~0.00%
Published-08 Jun, 2021 | 19:47
Updated-03 Aug, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Simcenter Femap 2020.2 (All versions < V2020.2.MP3), Simcenter Femap 2021.1 (All versions < V2021.1.MP3). The femap.exe application lacks proper validation of user-supplied data when parsing FEMAP files. This could result in an out of bounds write past the end of an allocated structure, a different vulnerability than CVE-2021-27399. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12819)

Action-Not Available
Vendor-Siemens AG
Product-simcenter_femapSimcenter Femap 2020.2Simcenter Femap 2021.1
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-41033
Matching Score-10
Assigner-Siemens
ShareView Details
Matching Score-10
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.12% / 31.17%
||
7 Day CHG~0.00%
Published-12 Sep, 2023 | 09:32
Updated-27 Feb, 2025 | 20:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.260), Parasolid V35.1 (All versions < V35.1.246), Parasolid V36.0 (All versions < V36.0.156), Simcenter Femap V2301 (All versions < V2301.0003), Simcenter Femap V2306 (All versions < V2306.0001). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21266)

Action-Not Available
Vendor-Siemens AG
Product-parasolidsimcenter_femapParasolid V35.1Parasolid V36.0Simcenter Femap V2301Parasolid V35.0Simcenter Femap V2306
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-27390
Matching Score-10
Assigner-Siemens
ShareView Details
Matching Score-10
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.37% / 57.89%
||
7 Day CHG~0.00%
Published-08 Jun, 2021 | 19:47
Updated-03 Aug, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in JT2Go (All versions < V13.1.0.3), Teamcenter Visualization (All versions < V13.1.0.3). The TIFF_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13131)

Action-Not Available
Vendor-Siemens AG
Product-jt2goteamcenter_visualizationJT2GoTeamcenter Visualization
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-25174
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.40% / 59.59%
||
7 Day CHG~0.00%
Published-18 Jan, 2021 | 07:14
Updated-03 Aug, 2024 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory corruption vulnerability exists when reading malformed DGN files. It can allow attackers to cause a crash, potentially enabling denial of service (Crash, Exit, or Restart).

Action-Not Available
Vendor-opendesignn/aSiemens AG
Product-jt2gocomosdrawings_software_development_kitteamcenter_visualizationn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-39419
Matching Score-10
Assigner-Siemens
ShareView Details
Matching Score-10
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.56%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 09:21
Updated-11 Oct, 2024 | 22:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds write past the end of an allocated structure while parsing specially crafted DFT files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-solid_edgeSolid Edge SE2023solid_edge
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-25678
Matching Score-10
Assigner-Siemens
ShareView Details
Matching Score-10
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.38% / 58.66%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 20:42
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2020 (All versions < SE2020MP14), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12529)

Action-Not Available
Vendor-Siemens AG
Product-solid_edge_se2021solid_edge_se2020Solid Edge SE2021Solid Edge SE2020
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-39181
Matching Score-10
Assigner-Siemens
ShareView Details
Matching Score-10
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.56%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 09:20
Updated-11 Oct, 2024 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted PAR file. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-solid_edgeSolid Edge SE2023
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-38076
Matching Score-10
Assigner-Siemens
ShareView Details
Matching Score-10
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.07% / 23.14%
||
7 Day CHG~0.00%
Published-12 Sep, 2023 | 09:32
Updated-02 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21041)

Action-Not Available
Vendor-Siemens AG
Product-jt2gotecnomatix_plant_simulationteamcenter_visualizationTecnomatix Plant Simulation V2201Teamcenter Visualization V14.1Teamcenter Visualization V14.0Teamcenter Visualization V13.3JT2GoTecnomatix Plant Simulation V2302Teamcenter Visualization V14.2Teamcenter Visualization V14.3
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-38679
Matching Score-10
Assigner-Siemens
ShareView Details
Matching Score-10
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.30%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 09:20
Updated-11 Oct, 2024 | 13:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21106)

Action-Not Available
Vendor-Siemens AG
Product-tecnomatixTecnomatix Plant Simulation V2201Tecnomatix Plant Simulation V2302
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-38070
Matching Score-10
Assigner-Siemens
ShareView Details
Matching Score-10
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.08%
||
7 Day CHG~0.00%
Published-12 Sep, 2023 | 09:32
Updated-02 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application is vulnerable to stack-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20818)

Action-Not Available
Vendor-Siemens AG
Product-jt2gotecnomatix_plant_simulationteamcenter_visualizationTecnomatix Plant Simulation V2201Teamcenter Visualization V14.1Teamcenter Visualization V14.0Teamcenter Visualization V13.3JT2GoTecnomatix Plant Simulation V2302Teamcenter Visualization V14.2Teamcenter Visualization V14.3
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-25175
Matching Score-10
Assigner-Siemens
ShareView Details
Matching Score-10
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.02% / 3.54%
||
7 Day CHG~0.00%
Published-13 Mar, 2025 | 09:07
Updated-19 Aug, 2025 | 17:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Simcenter Femap V2401 (All versions < V2401.0003), Simcenter Femap V2406 (All versions < V2406.0002). The affected application contains a memory corruption vulnerability while parsing specially crafted .NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-25443)

Action-Not Available
Vendor-Siemens AG
Product-simcenter_femapSimcenter Femap V2406Simcenter Femap V2401
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-46160
Matching Score-10
Assigner-Siemens
ShareView Details
Matching Score-10
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.40% / 60.16%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 15:17
Updated-04 Aug, 2024 | 05:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15286)

Action-Not Available
Vendor-Siemens AG
Product-simcenter_femapSimcenter Femap V2020.2Simcenter Femap V2021.1
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-22647
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.37% / 57.90%
||
7 Day CHG~0.00%
Published-23 Feb, 2021 | 03:13
Updated-03 Aug, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to multiple out-of-bounds write issues while processing project files, which may allow an attacker to execute arbitrary code.

Action-Not Available
Vendor-luxionn/aSiemens AG
Product-solid_edge_se2021solid_edge_se2020_firmwarekeyshotsolid_edge_se2021_firmwaresolid_edge_se2020keyvrkeyshot_network_renderingkeyshot_viewerLuxion KeyShotLuxion KeyVRLuxion KeyShot Network RenderingLuxion KeyShot Viewer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-37375
Matching Score-10
Assigner-Siemens
ShareView Details
Matching Score-10
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.08% / 25.23%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 09:07
Updated-07 Nov, 2024 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to stack-based buffer overflow while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21060)

Action-Not Available
Vendor-Siemens AG
Product-tecnomatixTecnomatix Plant Simulation V2201Tecnomatix Plant Simulation V2302
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-37248
Matching Score-10
Assigner-Siemens
ShareView Details
Matching Score-10
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.30%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 09:07
Updated-08 Nov, 2024 | 17:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted PAR file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21155)

Action-Not Available
Vendor-Siemens AG
Product-tecnomatixTecnomatix Plant Simulation V2201Tecnomatix Plant Simulation V2302
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-37374
Matching Score-10
Assigner-Siemens
ShareView Details
Matching Score-10
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.08% / 25.23%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 09:07
Updated-08 Nov, 2024 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to stack-based buffer overflow while parsing specially crafted STP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21054)

Action-Not Available
Vendor-Siemens AG
Product-tecnomatixTecnomatix Plant Simulation V2201Tecnomatix Plant Simulation V2302
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-23397
Matching Score-10
Assigner-Siemens
ShareView Details
Matching Score-10
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.02% / 4.16%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 09:48
Updated-11 Mar, 2025 | 13:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-Teamcenter Visualization V2406Teamcenter Visualization V2412Teamcenter Visualization V2312Tecnomatix Plant Simulation V2404Teamcenter Visualization V14.3Tecnomatix Plant Simulation V2302
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2023-37246
Matching Score-10
Assigner-Siemens
ShareView Details
Matching Score-10
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.08% / 25.23%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 09:07
Updated-08 Nov, 2024 | 17:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PRT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21109)

Action-Not Available
Vendor-Siemens AG
Product-tecnomatixTecnomatix Plant Simulation V2201Tecnomatix Plant Simulation V2302
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-23400
Matching Score-10
Assigner-Siemens
ShareView Details
Matching Score-10
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.02% / 4.16%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 09:48
Updated-11 Mar, 2025 | 14:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-Teamcenter Visualization V2406Teamcenter Visualization V2412Teamcenter Visualization V2312Tecnomatix Plant Simulation V2404Teamcenter Visualization V14.3Tecnomatix Plant Simulation V2302
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-22649
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.22% / 44.72%
||
7 Day CHG~0.00%
Published-23 Feb, 2021 | 03:02
Updated-03 Aug, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 have multiple NULL pointer dereference issues while processing project files, which may allow an attacker to execute arbitrary code.

Action-Not Available
Vendor-luxionn/aSiemens AG
Product-solid_edge_se2021solid_edge_se2020_firmwarekeyshotsolid_edge_se2021_firmwaresolid_edge_se2020keyvrkeyshot_network_renderingkeyshot_viewerLuxion KeyShotLuxion KeyVRLuxion KeyShot Network RenderingLuxion KeyShot Viewer
CWE ID-CWE-822
Untrusted Pointer Dereference
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2025-23398
Matching Score-10
Assigner-Siemens
ShareView Details
Matching Score-10
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.02% / 4.16%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 09:48
Updated-11 Mar, 2025 | 13:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-Teamcenter Visualization V2406Teamcenter Visualization V2412Teamcenter Visualization V2312Tecnomatix Plant Simulation V2404Teamcenter Visualization V14.3Tecnomatix Plant Simulation V2302
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2025-23396
Matching Score-10
Assigner-Siemens
ShareView Details
Matching Score-10
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.02% / 4.16%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 09:48
Updated-11 Mar, 2025 | 13:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-Teamcenter Visualization V2406Teamcenter Visualization V2412Teamcenter Visualization V2312Tecnomatix Plant Simulation V2404Teamcenter Visualization V14.3Tecnomatix Plant Simulation V2302
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-39149
Matching Score-10
Assigner-Siemens
ShareView Details
Matching Score-10
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.09% / 26.81%
||
7 Day CHG~0.00%
Published-13 Sep, 2022 | 09:41
Updated-03 Aug, 2024 | 11:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17733)

Action-Not Available
Vendor-Siemens AG
Product-parasolidsimcenter_femapParasolid V34.0Simcenter Femap V2022.1Parasolid V35.0Simcenter Femap V2022.2Parasolid V33.1Parasolid V34.1
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-44434
Matching Score-10
Assigner-Siemens
ShareView Details
Matching Score-10
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.42% / 60.96%
||
7 Day CHG~0.00%
Published-14 Dec, 2021 | 12:06
Updated-04 Aug, 2024 | 04:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14902, ZDI-CAN-14866)

Action-Not Available
Vendor-Siemens AG
Product-jt_utilitiesjt_open_toolkitJTTKJT Utilities
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-41664
Matching Score-10
Assigner-Siemens
ShareView Details
Matching Score-10
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.11% / 29.28%
||
7 Day CHG~0.00%
Published-08 Nov, 2022 | 00:00
Updated-21 Apr, 2025 | 13:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected application contains a stack-based buffer overflow vulnerability that could be triggered while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-jt2goteamcenter_visualizationTeamcenter Visualization V13.3Teamcenter Visualization V13.2JT2GoTeamcenter Visualization V14.1Teamcenter Visualization V14.0
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-41283
Matching Score-10
Assigner-Siemens
ShareView Details
Matching Score-10
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.56%
||
7 Day CHG~0.00%
Published-13 Dec, 2022 | 00:00
Updated-21 Apr, 2025 | 13:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds write vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-jt2goteamcenter_visualizationTeamcenter Visualization V13.3Teamcenter Visualization V13.2JT2GoTeamcenter Visualization V14.1Teamcenter Visualization V14.0
CWE ID-CWE-787
Out-of-bounds Write
CVE-2013-0656
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.8||MEDIUM
EPSS-2.13% / 83.48%
||
7 Day CHG~0.00%
Published-21 Jan, 2013 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in a third-party ActiveX component in Siemens SIMATIC RF-MANAGER 2008, and RF-MANAGER Basic 3.0 and earlier, allows remote attackers to execute arbitrary code via a crafted web site.

Action-Not Available
Vendor-n/aSiemens AG
Product-simatic_rf-manager_2008simatic_rf-managern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-39150
Matching Score-10
Assigner-Siemens
ShareView Details
Matching Score-10
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.21% / 43.42%
||
7 Day CHG~0.00%
Published-13 Sep, 2022 | 09:41
Updated-03 Aug, 2024 | 11:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17735)

Action-Not Available
Vendor-Siemens AG
Product-parasolidsimcenter_femapParasolid V34.0Simcenter Femap V2022.1Parasolid V35.0Simcenter Femap V2022.2Parasolid V33.1Parasolid V34.1
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-39140
Matching Score-10
Assigner-Siemens
ShareView Details
Matching Score-10
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.21% / 43.42%
||
7 Day CHG~0.00%
Published-13 Sep, 2022 | 09:40
Updated-03 Aug, 2024 | 11:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17292)

Action-Not Available
Vendor-Siemens AG
Product-parasolidsimcenter_femapParasolid V34.0Simcenter Femap V2022.1Parasolid V35.0Simcenter Femap V2022.2Parasolid V33.1Parasolid V34.1
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-39142
Matching Score-10
Assigner-Siemens
ShareView Details
Matching Score-10
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.21% / 43.42%
||
7 Day CHG~0.00%
Published-13 Sep, 2022 | 09:40
Updated-03 Aug, 2024 | 11:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17485)

Action-Not Available
Vendor-Siemens AG
Product-parasolidsimcenter_femapParasolid V34.0Simcenter Femap V2022.1Parasolid V35.0Simcenter Femap V2022.2Parasolid V33.1Parasolid V34.1
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-39144
Matching Score-10
Assigner-Siemens
ShareView Details
Matching Score-10
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.21% / 43.42%
||
7 Day CHG~0.00%
Published-13 Sep, 2022 | 09:41
Updated-03 Aug, 2024 | 11:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17494)

Action-Not Available
Vendor-Siemens AG
Product-parasolidsimcenter_femapParasolid V34.0Simcenter Femap V2022.1Parasolid V35.0Simcenter Femap V2022.2Parasolid V33.1Parasolid V34.1
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-37864
Matching Score-10
Assigner-Siemens
ShareView Details
Matching Score-10
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.08% / 25.08%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 10:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Solid Edge (All Versions < SE2022MP9). The affected application contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted DWG files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17627)

Action-Not Available
Vendor-Siemens AG
Product-solid_edgeSolid Edge
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-33124
Matching Score-10
Assigner-Siemens
ShareView Details
Matching Score-10
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.07% / 20.53%
||
7 Day CHG~0.00%
Published-13 Jun, 2023 | 08:17
Updated-03 Jan, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain a memory corruption vulnerability while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-jt2goteamcenter_visualizationTeamcenter Visualization V14.1Teamcenter Visualization V13.2Teamcenter Visualization V13.3Teamcenter Visualization V14.0JT2GoTeamcenter Visualization V14.2
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-34748
Matching Score-10
Assigner-Siemens
ShareView Details
Matching Score-10
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.42% / 60.96%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 10:07
Updated-03 Aug, 2024 | 09:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Simcenter Femap (All versions < V2022.2). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17293)

Action-Not Available
Vendor-Siemens AG
Product-simcenter_femapSimcenter Femap
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-34286
Matching Score-10
Assigner-Siemens
ShareView Details
Matching Score-10
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.42% / 60.96%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 10:07
Updated-03 Aug, 2024 | 09:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-051)

Action-Not Available
Vendor-Siemens AG
Product-pads_viewerPADS Standard/Plus Viewer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-34276
Matching Score-10
Assigner-Siemens
ShareView Details
Matching Score-10
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.42% / 60.96%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 10:06
Updated-03 Aug, 2024 | 09:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-041)

Action-Not Available
Vendor-Siemens AG
Product-pads_viewerPADS Standard/Plus Viewer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-54094
Matching Score-10
Assigner-Siemens
ShareView Details
Matching Score-10
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.03% / 6.03%
||
7 Day CHG~0.00%
Published-10 Dec, 2024 | 13:54
Updated-04 Mar, 2025 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 5). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-solid_edge_se2024Solid Edge SE2024
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-34284
Matching Score-10
Assigner-Siemens
ShareView Details
Matching Score-10
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.42% / 60.96%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 10:07
Updated-03 Aug, 2024 | 09:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-049)

Action-Not Available
Vendor-Siemens AG
Product-pads_viewerPADS Standard/Plus Viewer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-34289
Matching Score-10
Assigner-Siemens
ShareView Details
Matching Score-10
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.42% / 60.96%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 10:07
Updated-03 Aug, 2024 | 09:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-054)

Action-Not Available
Vendor-Siemens AG
Product-pads_viewerPADS Standard/Plus Viewer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-34275
Matching Score-10
Assigner-Siemens
ShareView Details
Matching Score-10
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.42% / 60.96%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 10:06
Updated-03 Aug, 2024 | 09:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-040)

Action-Not Available
Vendor-Siemens AG
Product-pads_viewerPADS Standard/Plus Viewer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-54091
Matching Score-10
Assigner-Siemens
ShareView Details
Matching Score-10
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.03% / 6.42%
||
7 Day CHG~0.00%
Published-10 Dec, 2024 | 13:54
Updated-08 Apr, 2025 | 08:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 12), Solid Edge SE2025 (All versions < V225.0 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer while parsing X_T data or a specially crafted file in X_T format. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-Solid Edge SE2024Solid Edge SE2025
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-52569
Matching Score-10
Assigner-Siemens
ShareView Details
Matching Score-10
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.03% / 7.02%
||
7 Day CHG~0.00%
Published-18 Nov, 2024 | 15:39
Updated-10 Dec, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24260)

Action-Not Available
Vendor-Siemens AG
Product-tecnomatix_plant_simulationTeamcenter Visualization V2406Teamcenter Visualization V2312Tecnomatix Plant Simulation V2302Teamcenter Visualization V14.2Tecnomatix Plant Simulation V2404Teamcenter Visualization V14.3tecnomatix_plant_simulation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-52570
Matching Score-10
Assigner-Siemens
ShareView Details
Matching Score-10
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.03% / 7.02%
||
7 Day CHG~0.00%
Published-18 Nov, 2024 | 15:39
Updated-10 Dec, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24365)

Action-Not Available
Vendor-Siemens AG
Product-tecnomatix_plant_simulationTeamcenter Visualization V2406Teamcenter Visualization V2312Tecnomatix Plant Simulation V2302Teamcenter Visualization V14.2Tecnomatix Plant Simulation V2404Teamcenter Visualization V14.3tecnomatix_plant_simulation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-52573
Matching Score-10
Assigner-Siemens
ShareView Details
Matching Score-10
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.03% / 7.02%
||
7 Day CHG~0.00%
Published-18 Nov, 2024 | 15:39
Updated-10 Dec, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24521)

Action-Not Available
Vendor-Siemens AG
Product-tecnomatix_plant_simulationTeamcenter Visualization V2406Teamcenter Visualization V2312Tecnomatix Plant Simulation V2302Teamcenter Visualization V14.2Tecnomatix Plant Simulation V2404Teamcenter Visualization V14.3tecnomatix_plant_simulation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-52566
Matching Score-10
Assigner-Siemens
ShareView Details
Matching Score-10
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.03% / 7.02%
||
7 Day CHG~0.00%
Published-18 Nov, 2024 | 15:39
Updated-10 Dec, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24233)

Action-Not Available
Vendor-Siemens AG
Product-tecnomatix_plant_simulationTeamcenter Visualization V2406Teamcenter Visualization V2312Tecnomatix Plant Simulation V2302Teamcenter Visualization V14.2Tecnomatix Plant Simulation V2404Teamcenter Visualization V14.3tecnomatix_plant_simulation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-3160
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.08% / 24.56%
||
7 Day CHG~0.00%
Published-13 Jan, 2023 | 00:16
Updated-07 Nov, 2023 | 03:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The APDFL.dll contains an out-of-bounds write past the fixed-length heap-based buffer while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-SiemensSiemens AG
Product-jt2goteamcenter_visualizationTeamcenter Visualization V14.1JT2GoTeamcenter Visualization V13.3Teamcenter Visualization V14.0
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-3159
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.13% / 33.36%
||
7 Day CHG~0.00%
Published-13 Jan, 2023 | 00:15
Updated-07 Nov, 2023 | 03:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The APDFL.dll contains a stack-based buffer overflow vulnerability that could be triggered while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-SiemensSiemens AG
Product-jt2goteamcenter_visualizationTeamcenter Visualization V14.1JT2GoTeamcenter Visualization V13.3Teamcenter Visualization V14.0
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-3161
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.13% / 33.02%
||
7 Day CHG~0.00%
Published-13 Jan, 2023 | 00:17
Updated-07 Nov, 2023 | 03:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The APDFL.dll contains a memory corruption vulnerability while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-SiemensSiemens AG
Product-jt2goteamcenter_visualizationTeamcenter Visualization V14.1JT2GoTeamcenter Visualization V13.3Teamcenter Visualization V14.0
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-27400
Matching Score-10
Assigner-Siemens
ShareView Details
Matching Score-10
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.30%
||
7 Day CHG~0.00%
Published-14 Mar, 2023 | 09:32
Updated-27 Feb, 2025 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20300)

Action-Not Available
Vendor-Siemens AG
Product-tecnomatix_plant_simulationTecnomatix Plant Simulation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-47046
Matching Score-10
Assigner-Siemens
ShareView Details
Matching Score-10
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.03% / 8.07%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 08:40
Updated-10 Dec, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Simcenter Femap V2306 (All versions), Simcenter Femap V2401 (All versions), Simcenter Femap V2406 (All versions). The affected application is vulnerable to memory corruption while parsing specially crafted BDF files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-Simcenter Femap V2401Simcenter Femap V2406Simcenter Femap V2306simcenter_nastran
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 118
  • 119
  • Next
Details not found