Tens of Vulnerabilities in Siemens PLM Products Allow Code Execution
2021-01-15 19:17

Siemens this week informed customers that some of its product development solutions are affected by a total of nearly two dozen vulnerabilities that can be exploited for arbitrary code execution using malicious files.

Siemens and CISA have published one advisory for 18 vulnerabilities affecting Siemens JT2Go, a 3D viewing tool for JT data, and Teamcenter Visualization, which provides organizations visualization solutions for documents, 2D drawings and 3D models.

A second advisory was published for six vulnerabilities affecting Siemens Solid Edge, a solution that provides software tools for 3D design, simulation and manufacturing.

The vast majority of the vulnerabilities are high-severity issues that can result in arbitrary code execution in the context of the targeted process.

The code execution flaws are related to improper validation of user-supplied data when parsing certain types of files, which leads to a memory corruption vulnerability.

The second advisory informs customers of a high-severity code execution vulnerability in Operator Terminal Expert and Pro-face BLUE products.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/118LLJAQ0RU/tens-vulnerabilities-siemens-plm-products-allow-code-execution

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Siemens 2073 38 462 996 213 1709