CVE-2022-2069

Datalogics APDFL library Heap-based Buffer Overflow

Description

The APDFL.dll in Siemens JT2Go prior to V13.3.0.5 and Siemens Teamcenter Visualization prior to V14.0.0.2 contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.

Remediation

Solution:

  • Siemens recommends updating to the latest version:
      • Teamcenter Visualization V13.3: Update to version 13.3.0.5 or later
      • Teamcenter Visualization V14.0: Currently no fix available.
      • JT2Go V13.3.0.5: Update to version 13.3.0.5 or later
  • For more information see Siemens Security Advisory SSA-829738

Workaround:

  • Avoid opening untrusted files in JT2Go and Teamcenter Visualization.

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ and to follow the recommendations in the product manuals. Additional information on industrial security by Siemens can be found on Siemens’ Industrial Security webpage.

For more information see Siemens Security Advisory SSA-829738

CVSS 3.1 score: 7.8
Severity: High
EPSS: 0.06%
Vendor Advisory siemens.com
Affected: Siemens JT2Go
Affected: Siemens Teamcenter Visualization V13.3
Affected: Siemens Teamcenter Visualization V14.0

Frequently Asked Questions

What is the severity of CVE-2022-2069?
CVE-2022-2069 has been scored as a high severity vulnerability.
How to fix CVE-2022-2069?
To fix CVE-2022-2069, Siemens recommends updating to the latest version. Teamcenter Visualization V13.3: update to version 13.3.0.5 or later. Teamcenter Visualization V14.0: currently no fix available. JT2Go V13.3.0.5: update to version 13.3.0.5 or later. For more information see Siemens Security Advisory SSA-829738.
Is CVE-2022-2069 being actively exploited in the wild?
As of now, there is no information to confirm that CVE-2022-2069 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-2069?
CVE-2022-2069 affects Siemens JT2Go, Siemens Teamcenter Visualization V13.3, Siemens Teamcenter Visualization V14.0.