CVE-2024-37996: A vulnerability has been identified in JT Open (All versions < V11.5), JT2Go (All versions < V2406.0003), PLM XML SDK (All versions < V7.1.0.014),...

3.3 CVSS

Description

A vulnerability has been identified in JT Open (All versions < V11.5), JT2Go (All versions < V2406.0003), PLM XML SDK (All versions < V7.1.0.014), Teamcenter Visualization V14.2 (All versions < V14.2.0.13), Teamcenter Visualization V14.3 (All versions < V14.3.0.11), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0003). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted XML files. An attacker could leverage this vulnerability to crash the application, causing a denial of service condition.

Classification

CVE ID: CVE-2024-37996

CVSS Base Severity: LOW

CVSS Base Score: 3.3

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Problem Types

CWE-476: NULL Pointer Dereference

Affected Products

Vendor: Siemens

Product: JT Open, JT2Go, PLM XML SDK, Teamcenter Visualization V14.2, Teamcenter Visualization V14.3, Teamcenter Visualization V2312, Teamcenter Visualization V2406

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.03% (probability of being exploited)

EPSS Percentile: 7.37% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-05-30 (date this score was calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact:

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2024-37996
https://cert-portal.siemens.com/productcert/html/ssa-824889.html
https://cert-portal.siemens.com/productcert/html/ssa-959281.html

Timeline