{
    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
    "CVE_data_meta": {
        "ID": "CVE-2023-7066",
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "The affected applications contain an out of bounds read past the end of \nan allocated structure while parsing specially crafted PDF files. This \ncould allow an attacker to execute code in the context of the current \nprocess."
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-125",
                        "cweId": "CWE-125"
                    }
                ]
            }
        ]
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "Siemens",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "JT2Go",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<",
                                            "version_name": "0",
                                            "version_value": "V14.3.0.8"
                                        }
                                    ]
                                }
                            },
                            {
                                "product_name": "Teamcenter Visualization",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<",
                                            "version_name": "0",
                                            "version_value": "V14.1.0.14"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "references": {
        "reference_data": [
            {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-722010.html",
                "refsource": "MISC",
                "name": "https://cert-portal.siemens.com/productcert/html/ssa-722010.html"
            },
            {
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-03",
                "refsource": "MISC",
                "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-03"
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.2.0"
    },
    "source": {
        "advisory": "ICSA-24-193-03",
        "discovery": "EXTERNAL"
    },
    "work_around": [
        {
            "lang": "en",
            "supportingMedia": [
                {
                    "base64": false,
                    "type": "text/html",
                    "value": "<p>To reduce risk, Siemens \nrecommends users not open untrusted PDF files in affected applications.<br></p><ul>\n</ul>\n<p>As a general security measure, Siemens recommends protecting network \naccess to devices with appropriate mechanisms. To operate the devices in\n a protected IT environment, Siemens recommends configuring the \nenvironment according to <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.siemens.com/cert/operational-guidelines-industrial-security\">Siemens' operational guidelines for industrial security</a> and following recommendations in the product manuals.</p>\n<p>Additional information on industrial security by Siemens can be found on the <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.siemens.com/industrialsecurity\">Siemens industrial security webpage</a></p>For more information see the associated Siemens security advisory SSA-722010\n\n<br>"
                }
            ],
            "value": "To reduce risk, Siemens \nrecommends users not open untrusted PDF files in affected applications.\n\n\n\n\n\n\nAs a general security measure, Siemens recommends protecting network \naccess to devices with appropriate mechanisms. To operate the devices in\n a protected IT environment, Siemens recommends configuring the \nenvironment according to  Siemens' operational guidelines for industrial security https://www.siemens.com/cert/operational-guidelines-industrial-security  and following recommendations in the product manuals.\n\n\nAdditional information on industrial security by Siemens can be found on the  Siemens industrial security webpage https://www.siemens.com/industrialsecurity \n\nFor more information see the associated Siemens security advisory SSA-722010"
        }
    ],
    "solution": [
        {
            "lang": "en",
            "supportingMedia": [
                {
                    "base64": false,
                    "type": "text/html",
                    "value": "<p>\nSiemens has released new versions for the affected products and recommends to update to the latest versions.\n\n:</p><ul><li>Teamcenter Visualization V14.1: Update to <a target=\"_blank\" rel=\"nofollow\" href=\"https://support.sw.siemens.com/\">V14.1.0.14 or later version</a></li><li>Teamcenter Visualization V14.2: Update to <a target=\"_blank\" rel=\"nofollow\" href=\"https://support.sw.siemens.com/\">V14.2.0.10 or later version</a></li><li>JT2Go: Update to <a target=\"_blank\" rel=\"nofollow\" href=\"https://plm.sw.siemens.com/en-US/plmcomponents/jt/jt2go/\">V14.3.0.8 or later version</a></li><li>Teamcenter Visualization V14.3: Update to <a target=\"_blank\" rel=\"nofollow\" href=\"https://support.sw.siemens.com/\">V14.3.0.8 or later version</a></li><li>Teamcenter Visualization V2312: Update to <a target=\"_blank\" rel=\"nofollow\" href=\"https://support.sw.siemens.com/\">V2312.0002 or later version</a></li></ul>\nFor more information see the associated Siemens security advisory SSA-722010\n\n\n\n<br>"
                }
            ],
            "value": "Siemens has released new versions for the affected products and recommends to update to the latest versions.\n\n:\n\n  *  Teamcenter Visualization V14.1: Update to  V14.1.0.14 or later version https://support.sw.siemens.com/ \n  *  Teamcenter Visualization V14.2: Update to  V14.2.0.10 or later version https://support.sw.siemens.com/ \n  *  JT2Go: Update to  V14.3.0.8 or later version https://plm.sw.siemens.com/en-US/plmcomponents/jt/jt2go/ \n  *  Teamcenter Visualization V14.3: Update to  V14.3.0.8 or later version https://support.sw.siemens.com/ \n  *  Teamcenter Visualization V2312: Update to  V2312.0002 or later version https://support.sw.siemens.com/ \n\n\n\nFor more information see the associated Siemens security advisory SSA-722010"
        }
    ],
    "credits": [
        {
            "lang": "en",
            "value": "MoyunSec reported this vulnerability to Siemens."
        }
    ],
    "impact": {
        "cvss": [
            {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
            }
        ]
    }
}