Vulnerabilities > CVE-2021-34332 - Infinite Loop vulnerability in Siemens Jt2Go and Teamcenter Visualization

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

siemens

CWE-835

NVD

Published: 2021-07-13

Updated: 2021-07-15

Summary

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. A malformed input file could result in an infinite loop condition that leads to denial of service condition. An attacker could leverage this vulnerability to consume excessive resources. (CNVD-C-2021-79300)

Vulnerable Configurations

Part	Description	Count
Application	Siemens Siemens Jt2Go - Siemens Jt2Go 13.1.0 Siemens Jt2Go 13.1.0.1 Siemens Teamcenter Visualization - Siemens Teamcenter Visualization 8.0.9085 Siemens Teamcenter Visualization 13.1.0 Siemens Teamcenter Visualization 13.1.0.1	7

Common Weakness Enumeration (CWE)

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

References

https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf