VARIoT IoT vulnerabilities database

A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing CG4 and CGM files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11898). JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds write. Zero Day Initiative To this vulnerability ZDI-CAN-11898 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of CG4 and CGM files. JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML and existing JT, VFZ, CGM, TIF data. Teamcenter visualization software enables companies to enhance their product lifecycle management (PLM) environment. The software enables corporate users to access documents, 2D drawings and 3D models in a single environment. JT2Go and Teamcenter Visualization has an unspecified vulnerability

A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing ASM files. A crafted ASM file could trigger a type confusion condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11897). JT2Go and Teamcenter Visualization Exists in a mistyped vulnerability. Zero Day Initiative To this vulnerability ZDI-CAN-11897 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of ASM files. JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML and existing JT, VFZ, CGM, TIF data. Teamcenter visualization software enables companies to enhance their product lifecycle management (PLM) environment. The software enables corporate users to access documents, 2D drawings and 3D models in a single environment

A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11891). JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds write. Zero Day Initiative To this vulnerability ZDI-CAN-11891 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PAR files. JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML and existing JT, VFZ, CGM, TIF data. Teamcenter visualization software enables companies to enhance their product lifecycle management (PLM) environment. The software enables corporate users to access documents, 2D drawings and 3D models in a single environment. JT2Go and Teamcenter Visualization have security vulnerabilities

A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of JT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11972). JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds write. Zero Day Initiative To this vulnerability ZDI-CAN-11972 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of JT files. JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML and existing JT, VFZ, CGM, TIF data. Teamcenter visualization software enables companies to enhance their product lifecycle management (PLM) environment. The software enables corporate users to access documents, 2D drawings and 3D models in a single environment. JT2Go and Teamcenter Visualization has an unspecified vulnerability

A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of JT files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12014). JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds write. Zero Day Initiative To this vulnerability ZDI-CAN-12014 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of JT files. JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML and existing JT, VFZ, CGM, TIF data. Teamcenter visualization software enables companies to enhance their product lifecycle management (PLM) environment. The software enables corporate users to access documents, 2D drawings and 3D models in a single environment

A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing PDF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11900). JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds write. Zero Day Initiative To this vulnerability ZDI-CAN-11900 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PDF files. JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML and existing JT, VFZ, CGM, TIF data. Teamcenter visualization software enables companies to enhance their product lifecycle management (PLM) environment. The software enables corporate users to access documents, 2D drawings and 3D models in a single environment. JT2Go and Teamcenter Visualization has an unspecified vulnerability

A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in a out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. Solid Edge Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PAR files. Solid Edge is a combination of software tools to solve various product development processes

A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2). Affected applications lack proper validation of user-supplied data when parsing DFT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. Solid Edge Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DFT files. Solid Edge is a combination of software tools to solve various product development processes

A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write into uninitialized memory. An attacker could leverage this vulnerability to execute code in the context of the current process. Solid Edge Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PAR files. Solid Edge is a combination of software tools to solve various product development processes

A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could lead to a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. Solid Edge Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PAR files. Solid Edge is a combination of software tools to solve various product development processes

A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing PAR files. This can result in an out of bounds write past the memory location that is a read only image address. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11885). Several Siemens products are vulnerable to out-of-bounds writes. Zero Day Initiative To this vulnerability ZDI-CAN-11885 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PAR files. JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML and existing JT, VFZ, CGM, TIF data. Teamcenter visualization software enables companies to enhance their product lifecycle management (PLM) environment. The software enables corporate users to access documents, 2D drawings and 3D models in a single environment. JT2Go and Teamcenter Visualization have security vulnerabilities

A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing JT files. A crafted JT file could trigger a type confusion condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11881). JT2Go and Teamcenter Visualization Exists in a mistyped vulnerability. Zero Day Initiative To this vulnerability ZDI-CAN-11881 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of JT files. JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML and existing JT, VFZ, CGM, TIF data. Teamcenter visualization software enables companies to enhance their product lifecycle management (PLM) environment. The software enables corporate users to access documents, 2D drawings and 3D models in a single environment

A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing ASM files. This could lead to pointer dereferences of a value obtained from untrusted source. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11899). JT2Go and Teamcenter Visualization Has NULL A pointer dereference vulnerability exists. Zero Day Initiative To this vulnerability ZDI-CAN-11899 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of ASM files. JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML and existing JT, VFZ, CGM, TIF data. Teamcenter visualization software enables companies to enhance their product lifecycle management (PLM) environment. The software enables corporate users to access documents, 2D drawings and 3D models in a single environment

SAP NetWeaver AS ABAP, versions 740, 750, 751, 752, 753, 754, 755, allows an unauthenticated attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service, this has a high impact on the availability of the service. SAP NetWeaver AS ABAP Is vulnerable to a resource exhaustion.Denial of service (DoS) It may be put into a state

SAP GUI for Windows, version - 7.60, allows an attacker to spoof logon credentials for Application Server ABAP backend systems in the client PCs memory. Under certain conditions the attacker can access information which would otherwise be restricted. The exploit can only be executed locally on the client PC and not via Network and the attacker needs at least user authorization of the Operating System user of the victim. Windows for SAP GUI Exists in an inadequate protection of credentials.Information may be obtained

A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing CGM files. This could lead to a stack based buffer overflow while trying to copy to a buffer in the font index handling function. An attacker could leverage this vulnerability to execute code in the context of the current process. JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML and existing JT, VFZ, CGM, TIF data. Teamcenter visualization software enables companies to enhance their product lifecycle management (PLM) environment. The software enables corporate users to access documents, 2D drawings and 3D models in a single environment

A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing CGM files. This could lead to a stack based buffer overflow while trying to copy to a buffer during font string handling. An attacker could leverage this vulnerability to execute code in the context of the current process. JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML and existing JT, VFZ, CGM, TIF data. Teamcenter visualization software enables companies to enhance their product lifecycle management (PLM) environment. The software enables corporate users to access documents, 2D drawings and 3D models in a single environment

A vulnerability has been identified in SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). Devices do not create a new unique private key after factory reset. An attacker could leverage this situation to a man-in-the-middle situation and decrypt previously captured traffic. SCALANCE X is a switch used to connect industrial components, such as programmable logic controllers (plc) or human machine interfaces (HMIs)

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0). The vulnerability could allow an unauthenticated attacker to reboot the device over the network by using special urls from integrated web server of the affected products. SCALANCE X-200 and SCALANCE X-200IRT A vulnerability exists in the switch family regarding the lack of authentication for critical features.Denial of service (DoS) It may be put into a state. SCALANCE X is a switch used to connect industrial components, such as programmable logic controllers (plc) or human machine interfaces (HMIs)

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). The webserver of the affected devices contains a vulnerability that may lead to a heap overflow condition. An attacker could cause this condition on the webserver by sending specially crafted requests. This could stop the webserver temporarily. SCALANCE X-200 and SCALANCE X-200IRT An out-of-bounds write vulnerability exists in the switch family.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. SCALANCE X is a switch used to connect industrial components, such as programmable logic controllers (plc) or human machine interfaces (HMIs)