CVE-2022-2069: APDFL.dll in Siemens JT2Go V13.3.0.5 and Siemens Teamcenter Visualization V14.0.0.2 contains a heap-based write past the end of a buffer.

This issue is resolved in APDFL.dll in Siemens JT2Go V14.2.0.18 and Siemens Teamcenter Visualization V14.2.0.18 and later versions. Patch your software as soon as possible. In addition, in Siemens Teamcenter Visualization prior to V14.0.0.2, a user with access to a process could take control of that process by creating a specially crafted PDF document. An attacker could exploit this vulnerability to install malicious software that would allow the attacker to take control of a Teamcenter process.

APDFL.dll

- CVE-2022-2069
This vulnerability is a local privilege escalation vulnerability. It allows an unprivileged user to gain administrator privileges on a remote computer through the APDFL32 process. The attacker could exploit this vulnerability to drop malicious software that would allow the attacker to take control of a Teamcenter process.


Timeline

Published on: 10/20/2022 17:15:00 UTC
Last modified on: 10/21/2022 19:05:00 UTC
