CVE-2022-24290 - OpenCVE

A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9), Teamcenter V13.1 (All versions), Teamcenter V13.2 (All versions < V13.2.0.8), Teamcenter V13.3 (All versions < V13.3.0.3), Teamcenter V14.0 (All versions < V14.0.0.2). The tcserver.exe binary in affected applications is vulnerable to a stack overflow condition during the parsing of user input that may lead the binary to crash.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Siemens	Teamcenter

Configuration 1 [-]

OR	cpe:2.3:a:siemens:teamcenter::::::::
	cpe:2.3:a:siemens:teamcenter::::::::
	cpe:2.3:a:siemens:teamcenter::::::::
	cpe:2.3:a:siemens:teamcenter::::::::
	cpe:2.3:a:siemens:teamcenter::::::::
	cpe:2.3:a:siemens:teamcenter:14.0:::::::*

No data.

References

Link	Providers
https://cert-portal.siemens.com/productcert/pdf/ssa-789162.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2022-05-10T09:46:58

Updated: 2024-08-03T04:07:02.458Z

Reserved: 2022-02-01T00:00:00

Link: CVE-2022-24290

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-05-20T13:15:14.737

Modified: 2023-02-23T18:08:22.223

Link: CVE-2022-24290

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Teamcenter V12.4", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V12.4.0.13"}]}, {"product": "Teamcenter V13.0", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V13.0.0.9"}]}, {"product": "Teamcenter V13.1", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions"}]}, {"product": "Teamcenter V13.2", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V13.2.0.8"}]}, {"product": "Teamcenter V13.3", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V13.3.0.3"}]}, {"product": "Teamcenter V14.0", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V14.0.0.2"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9), Teamcenter V13.1 (All versions), Teamcenter V13.2 (All versions < V13.2.0.8), Teamcenter V13.3 (All versions < V13.3.0.3), Teamcenter V14.0 (All versions < V14.0.0.2). The tcserver.exe binary in affected applications is vulnerable to a stack overflow condition during the parsing of user input that may lead the binary to crash."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-10T11:17:31", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-789162.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "productcert@siemens.com", "ID": "CVE-2022-24290", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Teamcenter V12.4", "version": {"version_data": [{"version_value": "All versions < V12.4.0.13"}]}}, {"product_name": "Teamcenter V13.0", "version": {"version_data": [{"version_value": "All versions < V13.0.0.9"}]}}, {"product_name": "Teamcenter V13.1", "version": {"version_data": [{"version_value": "All versions"}]}}, {"product_name": "Teamcenter V13.2", "version": {"version_data": [{"version_value": "All versions < V13.2.0.8"}]}}, {"product_name": "Teamcenter V13.3", "version": {"version_data": [{"version_value": "All versions < V13.3.0.3"}]}}, {"product_name": "Teamcenter V14.0", "version": {"version_data": [{"version_value": "All versions < V14.0.0.2"}]}}]}, "vendor_name": "Siemens"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9), Teamcenter V13.1 (All versions), Teamcenter V13.2 (All versions < V13.2.0.8), Teamcenter V13.3 (All versions < V13.3.0.3), Teamcenter V14.0 (All versions < V14.0.0.2). The tcserver.exe binary in affected applications is vulnerable to a stack overflow condition during the parsing of user input that may lead the binary to crash."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-121: Stack-based Buffer Overflow"}]}]}, "references": {"reference_data": [{"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-789162.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-789162.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T04:07:02.458Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-789162.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2022-24290", "datePublished": "2022-05-10T09:46:58", "dateReserved": "2022-02-01T00:00:00", "dateUpdated": "2024-08-03T04:07:02.458Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:teamcenter:*:*:*:*:*:*:*:*", "matchCriteriaId": "CA684297-D33B-4E81-A19F-29514EB409A0", "versionEndExcluding": "12.4.0.13", "versionStartIncluding": "12.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:teamcenter:*:*:*:*:*:*:*:*", "matchCriteriaId": "C0EDF96B-DF5B-4A9E-A70E-FD3EEE8067CD", "versionEndExcluding": "13.0.0.9", "versionStartIncluding": "13.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:teamcenter:*:*:*:*:*:*:*:*", "matchCriteriaId": "80958809-7B4E-4B17-8438-1AA0F5960F90", "versionEndExcluding": "13.1.0.9", "versionStartIncluding": "13.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:teamcenter:*:*:*:*:*:*:*:*", "matchCriteriaId": "18D62450-7CF5-4DE6-BDA2-24AF6CA93D74", "versionEndExcluding": "13.2.0.8", "versionStartIncluding": "13.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:teamcenter:*:*:*:*:*:*:*:*", "matchCriteriaId": "704B0DB9-516D-4CDE-89AE-D36100B3B84A", "versionEndExcluding": "13.3.0.3", "versionStartIncluding": "13.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:teamcenter:14.0:*:*:*:*:*:*:*", "matchCriteriaId": "81AC6B3C-5221-4F9A-B495-737910347408", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9), Teamcenter V13.1 (All versions), Teamcenter V13.2 (All versions < V13.2.0.8), Teamcenter V13.3 (All versions < V13.3.0.3), Teamcenter V14.0 (All versions < V14.0.0.2). The tcserver.exe binary in affected applications is vulnerable to a stack overflow condition during the parsing of user input that may lead the binary to crash."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en Teamcenter V12.4 (Todas las versiones anteriores a V12.4.0.13), Teamcenter V13.0 (Todas las versiones anteriores a V13.0.0.9), Teamcenter V13.1 (Todas las versiones), Teamcenter V13.2 (Todas las versiones anteriores a V13.2.0.8), Teamcenter V13.3 (Todas las versiones anteriores a V13.3.0.3), Teamcenter V14.0 (Todas las versiones anteriores a V14.0.0.2). El binario tcserver.exe de las aplicaciones afectadas es vulnerable a una condici\u00f3n de desbordamiento de pila durante el an\u00e1lisis de la entrada del usuario que puede hacer que el binario se bloquee"}], "id": "CVE-2022-24290", "lastModified": "2023-02-23T18:08:22.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-05-20T13:15:14.737", "references": [{"source": "productcert@siemens.com", "tags": ["Mitigation", "Patch", "Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-789162.pdf"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "productcert@siemens.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Secondary"}]}