CVE-2024-37997

Description

A vulnerability has been identified in JT Open (All versions < V11.5), JT2Go (All versions < V2406.0003), PLM XML SDK (All versions < V7.1.0.014), Teamcenter Visualization V14.2 (All versions < V14.2.0.13), Teamcenter Visualization V14.3 (All versions < V14.3.0.11), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0003). The affected applications contain a stack based overflow vulnerability while parsing specially crafted XML files. This could allow an attacker to execute code in the context of the current process.

References

Link	Tags
https://cert-portal.siemens.com/productcert/html/ssa-824889.html
https://cert-portal.siemens.com/productcert/html/ssa-959281.html

Frequently Asked Questions

What is the severity of CVE-2024-37997?: CVE-2024-37997 has been scored as a high severity vulnerability.
How to fix CVE-2024-37997?: To fix CVE-2024-37997, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-37997 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2024-37997 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-37997?: CVE-2024-37997 affects Siemens JT Open, Siemens JT2Go, Siemens PLM XML SDK, Siemens Teamcenter Visualization V14.2, Siemens Teamcenter Visualization V14.3, Siemens Teamcenter Visualization V2312, Siemens Teamcenter Visualization V2406.

Description

Category

CWE-121 – Stack-based Buffer Overflow

References

Frequently Asked Questions