Vulnerabilities > CVE-2020-26980 - Type Confusion vulnerability in Siemens Jt2Go and Teamcenter Visualization

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

siemens

CWE-843

NVD

Published: 2021-01-12

Updated: 2021-02-22

Summary

A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing JT files. A crafted JT file could trigger a type confusion condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11881)

Vulnerable Configurations

Part	Description	Count
Application	Siemens Siemens Teamcenter Visualization - Siemens Teamcenter Visualization 8.0.9085 Siemens Teamcenter Visualization 12.4.0 Siemens Teamcenter Visualization 13.0.0 Siemens Jt2Go -	5

Common Weakness Enumeration (CWE)

CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References