CVE-2021-33713 - OpenCVE

A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0). When parsing specially crafted JT files, a hash function is called with an incorrect argument leading the application to crash. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the application.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:L/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Siemens	Jt Utilities

Configuration 1 [-]

cpe:2.3:a:siemens:jt_utilities:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://cert-portal.siemens.com/productcert/pdf/ssa-209268.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2021-07-13T11:03:03

Updated: 2024-08-03T23:58:22.818Z

Reserved: 2021-05-28T00:00:00

Link: CVE-2021-33713

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-07-13T11:15:09.973

Modified: 2022-10-27T12:23:03.120

Link: CVE-2021-33713

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "JT Utilities", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V13.0.2.0"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0). When parsing specially crafted JT files, a hash function is called with an incorrect argument leading the application to crash. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the application."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-688", "description": "CWE-688: Function Call With Incorrect Variable or Reference as Argument", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-07-13T11:03:03", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-209268.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-33713", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "JT Utilities", "version": {"version_data": [{"version_value": "All versions < V13.0.2.0"}]}}]}, "vendor_name": "Siemens"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0). When parsing specially crafted JT files, a hash function is called with an incorrect argument leading the application to crash. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the application."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-688: Function Call With Incorrect Variable or Reference as Argument"}]}]}, "references": {"reference_data": [{"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-209268.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-209268.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T23:58:22.818Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-209268.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-33713", "datePublished": "2021-07-13T11:03:03", "dateReserved": "2021-05-28T00:00:00", "dateUpdated": "2024-08-03T23:58:22.818Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:jt_utilities:*:*:*:*:*:*:*:*", "matchCriteriaId": "81FB113B-95A2-462D-A00E-88C09635900C", "versionEndExcluding": "13.0.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0). When parsing specially crafted JT files, a hash function is called with an incorrect argument leading the application to crash. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the application."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en JT Utilities (Todas las versiones anteriores a V13.0.2.0). Cuando se analizan los archivos JT especialmente dise\u00f1ados, se llama a una funci\u00f3n hash con un argumento incorrecto, conllevando al bloqueo de la aplicaci\u00f3n. Un atacante podr\u00eda aprovechar esta vulnerabilidad para causar una condici\u00f3n de Denegaci\u00f3n de Servicio en la aplicaci\u00f3n"}], "id": "CVE-2021-33713", "lastModified": "2022-10-27T12:23:03.120", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-07-13T11:15:09.973", "references": [{"source": "productcert@siemens.com", "tags": ["Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-209268.pdf"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-688"}], "source": "productcert@siemens.com", "type": "Secondary"}]}