CVE-2024-26276

low-risk

Published 2024-04-09

A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected application contains a stack exhaustion vulnerability while parsing a specially crafted X_T file. This could allow an attacker to cause denial of service condition.

Do I need to act?

0.08% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 3.3/10 Low

LOCAL / LOW complexity

Affected Products (3)

Jt2Go

Parasolid

Teamcenter Visualization

Affected Vendors

Siemens

References (4)

Vendor Advisory https://cert-portal.siemens.com/productcert/html/ssa-222019.html

Vendor Advisory https://cert-portal.siemens.com/productcert/html/ssa-771940.html

Vendor Advisory https://cert-portal.siemens.com/productcert/html/ssa-222019.html

Vendor Advisory https://cert-portal.siemens.com/productcert/html/ssa-771940.html

/ 100

low-risk

Severity 13/34 · Low

Exploitability 0/34 · Minimal

Exposure 9/34 · Low