CVE-2023-38076

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Sep 12, 2023
Updated: Feb 16, 2024
CWE ID 787
CWE ID 122

Summary

CVE-2023-38076 is a critical vulnerability affecting multiple versions of JT2Go, Teamcenter Visualization, and Tecnomatix Plant Simulation. The issue lies in the handling of WRL files, which results in a heap-based buffer overflow. An attacker can exploit this vulnerability by supplying specially crafted WRL files, leading to code execution in the context of the current process. Versions of JT2Go below V14.3.0.1, Teamcenter Visualization below V13.3.0.12, Teamcenter Visualization V14.0, Teamcenter Visualization V14.1 below V14.1.0.11, Teamcenter Visualization V14.2 below V14.2.0.6, Teamcenter Visualization V14.3 below V14.3.0.1, Tecnomatix Plant Simulation V2201 below V2201.0010, and Tecnomatix Plant Simulation V2302 below V2302.0004 are all at risk. (ZDI-CAN-21041) In summary, the cybersecurity vulnerability identified with the CVE-2023-38076 tag poses a significant threat to various versions of JT2Go, Teamcenter Visualization, and Tecnomatix Plant Simulation. A heap-based buffer overflow vulnerability exists within the handling of WRL files, exposing these applications to potential code execution attacks through specially crafted files. Affected versions include but are not limited to JT2Go V14.3.0.1 and below, Teamcenter Visualization V13.3.0.12 and below, Teamcenter Visualization V14.0, Teamcenter Visualization V14.1 V14.1.0.11 and below, Teamcenter Visualization V14.2 V14.2.0.6 and below, Teamcenter Visualization V14.3 V14.3.0.1 and below, Tecnomatix Plant Simulation V2201 V2201.0010 and below, and Tecnomatix Plant Simulation V2302 V2302.0004 and below.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Siemens Teamcenter Visualization
  • Siemens JT2GO
  • Teamcenter

Affected Vendors

  • Siemens AG