Vulnerabilities > CVE-2020-26990 - Type Confusion vulnerability in Siemens Jt2Go and Teamcenter Visualization

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

siemens

CWE-843

NVD

Published: 2021-01-12

Updated: 2022-10-06

Summary

A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing ASM files. A crafted ASM file could trigger a type confusion condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11897)

Vulnerable Configurations

Part	Description	Count
Application	Siemens Siemens Jt2Go - Siemens Jt2Go 13.1.0 Siemens Teamcenter Visualization - Siemens Teamcenter Visualization 8.0.9085 Siemens Teamcenter Visualization 12.4.0 Siemens Teamcenter Visualization 13.0.0 Siemens Teamcenter Visualization 13.1.0	7

Common Weakness Enumeration (CWE)

CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References