CVE-2022-24290 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2022-24290

Analyzed

More Info Official Page

Source-productcert@siemens.com

Published At-20 May, 2022 | 13:15

Updated At-23 Feb, 2023 | 18:08

A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9), Teamcenter V13.1 (All versions), Teamcenter V13.2 (All versions < V13.2.0.8), Teamcenter V13.3 (All versions < V13.3.0.3), Teamcenter V14.0 (All versions < V14.0.0.2). The tcserver.exe binary in affected applications is vulnerable to a stack overflow condition during the parsing of user input that may lead the binary to crash.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary	2.0	5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P

CPE Matches

>>teamcenter>>Versions from 12.4(inclusive) to 12.4.0.13(exclusive)

cpe:2.3:a:siemens:teamcenter:*:*:*:*:*:*:*:*

>>teamcenter>>Versions from 13.0(inclusive) to 13.0.0.9(exclusive)

cpe:2.3:a:siemens:teamcenter:*:*:*:*:*:*:*:*

>>teamcenter>>Versions from 13.1(inclusive) to 13.1.0.9(exclusive)

cpe:2.3:a:siemens:teamcenter:*:*:*:*:*:*:*:*

>>teamcenter>>Versions from 13.2(inclusive) to 13.2.0.8(exclusive)

cpe:2.3:a:siemens:teamcenter:*:*:*:*:*:*:*:*

>>teamcenter>>Versions from 13.3(inclusive) to 13.3.0.3(exclusive)

cpe:2.3:a:siemens:teamcenter:*:*:*:*:*:*:*:*

>>teamcenter>>14.0

cpe:2.3:a:siemens:teamcenter:14.0:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-121	Primary	productcert@siemens.com
CWE-787	Secondary	nvd@nist.gov

References

Hyperlink	Source	Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-789162.pdf	productcert@siemens.com	Mitigation Patch Vendor Advisory