CVE-2024-37997: A vulnerability has been identified in JT Open (All versions < V11.5), JT2Go (All versions < V2406.0003), PLM XML SDK (All versions < V7.1.0.014),...
Description
A vulnerability has been identified in JT Open (All versions < V11.5), JT2Go (All versions < V2406.0003), PLM XML SDK (All versions < V7.1.0.014), Teamcenter Visualization V14.2 (All versions < V14.2.0.13), Teamcenter Visualization V14.3 (All versions < V14.3.0.11), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0003). The affected applications contain a stack based overflow vulnerability while parsing specially crafted XML files. This could allow an attacker to execute code in the context of the current process.
Classification
CVE ID: CVE-2024-37997
CVSS Base Severity: HIGH
CVSS Base Score: 7.8
Affected Products
Vendor: Siemens
Product: JT Open
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.04% (probability of being exploited)
EPSS Percentile: 11.48% (scored less or equal to compared to others)
EPSS Date: 2025-02-07 (when was this score calculated)
References
https://cert-portal.siemens.com/productcert/html/ssa-824889.htmlhttps://cert-portal.siemens.com/productcert/html/ssa-959281.html