{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-1709","assignerOrgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","state":"PUBLISHED","assignerShortName":"icscert","dateReserved":"2023-03-29T22:59:38.901Z","datePublished":"2023-06-07T20:36:05.055Z","dateUpdated":"2025-01-06T19:59:28.270Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"JT2Go","vendor":"Siemens ","versions":[{"lessThan":"14.2.0.2","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"Teamcenter Visualization","vendor":"Siemens ","versions":[{"lessThan":"13.2.0.13","status":"affected","version":"13.2","versionType":"custom"},{"lessThan":"13.3.0.9","status":"affected","version":"13.3","versionType":"custom"},{"lessThan":"14.0.0.5","status":"affected","version":"14.0","versionType":"custom"},{"lessThan":"14.1.0.7","status":"affected","version":"14.1","versionType":"custom"},{"lessThan":"14.2.0.2","status":"affected","version":"14.2","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"Library APDFL","vendor":"Datalogics","versions":[{"lessThanOrEqual":"v18.0.4PlusP1e","status":"affected","version":"0","versionType":"custom"}]}],"credits":[{"lang":"en","type":"finder","user":"00000000-0000-4000-9000-000000000000","value":"Michael Heinzl reported this vulnerability to Siemens. "}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"\n\nDatalogics Library APDFLThe v18.0.4PlusP1e and prior contains a stack-based buffer overflow due to documents containing corrupted fonts, which could allow an attack that causes an unhandled crash during the rendering process.\n\n \n\n"}],"value":"\nDatalogics Library APDFLThe v18.0.4PlusP1e and prior contains a stack-based buffer overflow due to documents containing corrupted fonts, which could allow an attack that causes an unhandled crash during the rendering process.\n\n \n\n"}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":5.5,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-121","description":"CWE-121: Stack-based Buffer Overflow","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","shortName":"icscert","dateUpdated":"2023-06-14T20:17:02.964Z"},"references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-23-103-11"},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-629917.html"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-23-164-01"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"\n
Siemens has released updates for the affected products and recommends updating to the latest versions:
"}],"value":"Siemens has released updates for the affected products and recommends updating to the latest versions:\n\n * JT2Go: Update to V14.2.0.2 https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html or later version\n * Teamcenter Visualization V13.2: Update to V13.2.0.13 https://support.sw.siemens.com/   or later version \n * Teamcenter Visualization V13.3: Update to V13.3.0.9 https://support.sw.siemens.com/   or later version \n * Teamcenter Visualization V14.0: Update to V14.0.0.5 https://support.sw.siemens.com/   or later version \n * Teamcenter Visualization V14.1: Update to V14.1.0.7 https://support.sw.siemens.com/   or later version \n * Teamcenter Visualization V14.2: Update to V14.2.0.2 https://support.sw.siemens.com/   or later version \n\n\n\n\n"}],"source":{"discovery":"EXTERNAL"},"title":"Datalogics Library APDFL Stack-based Buffer Overflow","workarounds":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"\n

Siemens has identified the following specific workarounds and mitigations that users can apply to reduce risks:

\n

As a general security measure, Siemens recommends protecting \nnetwork access to devices with appropriate mechanisms. To operate the \ndevices in a protected IT environment, Siemens recommends configuring \nthe environment according to Siemens' operational guidelines for industrial security,\n and to follow the recommendations in the product manuals. Additional \ninformation on industrial security by Siemens can be found at the Siemens Industrial Security web page. \n

For further inquiries on security vulnerabilities in Siemens products and solutions, users should contact the Siemens ProductCERT.

"}],"value":"Siemens has identified the following specific workarounds and mitigations that users can apply to reduce risks: \n\n\n * Avoid opening untrusted files in JT2Go and Teamcenter Visualization \n\n\n\nAs a general security measure, Siemens recommends protecting \nnetwork access to devices with appropriate mechanisms. To operate the \ndevices in a protected IT environment, Siemens recommends configuring \nthe environment according to Siemens' operational guidelines for industrial security https://www.siemens.com/cert/operational-guidelines-industrial-security ,\n and to follow the recommendations in the product manuals. Additional \ninformation on industrial security by Siemens can be found at the Siemens Industrial Security web page https://www.siemens.com/industrialsecurity . \n\n\nFor further inquiries on security vulnerabilities in Siemens products and solutions, users should contact the Siemens ProductCERT https://www.siemens.com/cert/advisories .\n\n"},{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"\n

Datalogics recommends users to update to APDFL v18.0.4PlusP1g. Contact Datalogics for more information on obtaining this update.

For more information, refer to Datalogic’s release notes.

\n\n
"}],"value":"Datalogics recommends users to update to APDFL v18.0.4PlusP1g. Contact Datalogics https://www.datalogics.com/datalogics-contact-us  for more information on obtaining this update.\n\nFor more information, refer to Datalogic’s release notes https://dev.datalogics.com/adobe-pdf-library/release-notes-adobe-pdf-library-v-18/ .\n\n\n\n\n"}],"x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T05:57:25.034Z"},"title":"CVE Program Container","references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-23-103-11","tags":["x_transferred"]},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-629917.html","tags":["x_transferred"]},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-23-164-01","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-01-06T19:59:18.928582Z","id":"CVE-2023-1709","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-01-06T19:59:28.270Z"}}]}}