Siemens.Drawings.SDK.CVE-2022-28808.Out-of-bounds.Read
Description
This indicates an attack attempt to exploit an Out Of Bounds Read vulnerability in Drawings SDK which are used by Siemens JT2Go and Teamcenter Visualization.
Drawings SDK is vulnerable to an out-of-bounds read vulnerability due to rendering of .DWG files after they are opened in the recovery mode. This allows an attacker to execute code in the context of the current process.
Affected Products
JT2Go: All versions < V13.3.0.5
Teamcenter Visualization V12.4: All versions
Teamcenter Visualization V13.2: All versions
Teamcenter Visualization V13.3: All versions < V13.3.0.5
Teamcenter Visualization V14.0: All versions
Impact
System Compromise: Remote attackers could gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://cert-portal.siemens.com/productcert/pdf/ssa-429204.pdf
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |