Threat Encyclopedia

Siemens.Drawings.SDK.CVE-2022-28809.Out-of-bounds.Read

Description

This indicates an attack attempt to exploit an out-of-bounds read vulnerability in the Drawings SDK, which is used by Siemens JT2Go and Teamcenter Visualization.
The Drawings SDK is vulnerable to an out-of-bounds read due to the rendering of .DWG files after they are opened in recovery mode. This allows an attacker to execute code in the context of the current process.

Affected Products

JT2Go: All versions < V13.3.0.5
Teamcenter Visualization V12.4: All versions
Teamcenter Visualization V13.2: All versions
Teamcenter Visualization V13.3: All versions < V13.3.0.5
Teamcenter Visualization V14.0: All versions

Impact

System Compromise: Remote attackers could gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://cert-portal.siemens.com/productcert/pdf/ssa-429204.pdf

CVE References

CVE-2022-28809
