Vulnerabilities > CVE-2021-44448 - Unspecified vulnerability in Siemens JT Open Toolkit and JT Utilities

CVSS 3.3 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

local

low complexity

siemens

NVD

Published: 2021-12-14

Updated: 2024-11-21

Summary

A vulnerability has been identified in JT Utilities (All versions < V13.0.3.0), JTTK (All versions < V11.0.3.0). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-14843, ZDI-CAN-15051)

Vulnerable Configurations

Part	Description	Count
Application	Siemens Siemens JT Open Toolkit - Siemens JT Utilities -	2

References

https://cert-portal.siemens.com/productcert/pdf/ssa-352143.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-352143.pdf