CVE-2023-38075

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Sep 12, 2023
Updated: Jan 25, 2024
CWE ID 416

Summary

CVE-2023-38075 is a use-after-free vulnerability affecting multiple versions of JT2Go, Teamcenter Visualization, and Tecnomatix Plant Simulation. Specifically, these applications contain a flaw in their WRL file parsing functionality. An attacker can exploit this vulnerability by providing specially crafted WRL files, leading to memory corruption and potential code execution in the context of the current process. Affected versions include all releases below V14.3.0.1 for JT2Go and Teamcenter Visualization, and all versions for Tecnomatix Plant Simulation V2201 and V2302. (ZDI-CAN-20842) The identified flaw in these applications offers an attacker the ability to manipulate WRL files and initiate a use-after-free vulnerability within the parsing functionality. This issue can result in memory corruption and ultimately, the execution of arbitrary code in the current process context. The impacted applications include JT2Go, Teamcenter Visualization, and Tecnomatix Plant Simulation, with affected versions spanning from V13.3 for Teamcenter Visualization to all releases for Tecnomatix Plant Simulation V2201 and V2302. (ZDI-CAN-20842) A vulnerability, identified with CVE-2023-38075, exists in JT2Go, Teamcenter Visualization, Tecnomatix Plant Simulation, and their respective versions. Attackers can trigger a use-after-free issue by supplying maliciously crafted WRL files to the affected applications. This memory corruption vulnerability can result in the execution of unintended code within the current process context. Versions below V14.3.0.1 for JT2Go and Teamcenter Visualization, and all releases before V2201.0010 and V2302.0004 for Tecnomatix Plant Simulation are at risk. (ZDI-CAN-20842) CVE-2023-38075 is a critical vulnerability that impacts specific versions of JT2Go, Teamcenter Visualization, and Tecnomatix Plant Simulation. Through the manipulation of WRL files, attackers can exploit a use-after-free issue within the applications' parsing functionality. This memory corruption vulnerability can lead to arbitrary code execution within the context of the current process. Affected versions include all releases below V14.3.0.1 for JT2Go and Teamcenter Visualization, and all editions for Tecnomatix Plant Simulation V2201 and V2302. (ZDI-CAN-20842) CVE-2023-38075 signifies a dangerous exploit discovered in JT2Go, Teamcenter Visualization, and Tecnomatix Plant Simulation. The vulnerability stems from a use-after-free issue, which can be triggered when processing specially crafted WRL files. As a result, attackers can execute arbitrary code within the context of the affected application, posing a significant threat. Versions below V14.3.0.1 for JT2Go and Teamcenter Visualization and all releases prior to V2201.0010 and V2302.0004 for Tecnomatix Plant Simulation are susceptible to this issue. (ZDI-CAN-20842)

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Siemens Teamcenter Visualization
  • Siemens JT2GO
  • Teamcenter

Affected Vendors

  • Siemens AG

Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future

Note: This is just a basic overview providing quick insights into CVE-2023-38075 information. Gain full access to comprehensive CVE data, third party vulnerabilities, compromised credentials and more with Recorded Future
  • Gain complete coverage of your cyber, third party, and physical attack surface
  • Proactively mitigate threats before they turn into costly attacks
  • Make fast, effective, data-driven decisions