Siemens.Drawings.SDK.CVE-2022-28808.Out-of-bounds.Read

Description

This indicates an attack attempt to exploit an Out-of-Bounds Read vulnerability in the Drawings SDK, which is used by Siemens JT2Go and Teamcenter Visualization.
The Drawings SDK is vulnerable to an out-of-bounds read when rendering .DWG files after they are opened in recovery mode. This allows an attacker to execute code in the context of the current process.

Affected Products

JT2Go: All versions < V13.3.0.5
Teamcenter Visualization V12.4: All versions
Teamcenter Visualization V13.2: All versions
Teamcenter Visualization V13.3: All versions < V13.3.0.5
Teamcenter Visualization V14.0: All versions

Impact

System Compromise: Remote attackers could gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://cert-portal.siemens.com/productcert/pdf/ssa-429204.pdf

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date        Version  Detail
2022-07-14  21.356
2022-07-13  21.355   Name:FG-VD-22-002_Siemens.0day:Siemens.Drawings.SDK.CVE-2022-28808.Out-of-bounds.Read
2022-07-13  21.355   Severity:medium:high
2022-06-29  21.347   Sig Added
2022-04-21  20.302   Default_action:pass:drop
2022-04-12  20.296