Detections
Analytics
Siemens JT2Go < 14.1.0.5 Multiple Vulnerabilities (SSA-360681)
high Nessus Plugin ID 168748
Language:
Synopsis
The remote Windows host contains an application affected by multiple vulnerabilities.Description
The version of Siemens JT2Go installed on the remote Windows hosts is prior to 14.1.0.5. It is, therefore, affected by multiple vulnerabilities in the APDFL library that could be triggered when the application reads malicious PDF files.If a user is tricked to open a malicious PDF file this could lead the application to crash or potentially lead to arbitrary code execution.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update JT2Go to version 14.1.0.5 or later.See Also
https://cert-portal.siemens.com/productcert/pdf/ssa-360681.pdf
Plugin Details
Severity: High
ID: 168748
File Name: siemens_jt2go_ssa-360681.nasl
Version: 1.5
Type: local
Agent: windows
Family: Windows
Published: 12/15/2022
Updated: 4/20/2023
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 7.2
Temporal Score: 5.3
Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2022-3161
CVSS v3
Risk Factor: High
Base Score: 7.8
Temporal Score: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:siemens:jt2go
Required KB Items: installed_sw/Siemens JT2Go
Exploit Ease: No known exploits are available
Patch Publication Date: 12/13/2022
Vulnerability Publication Date: 12/13/2022
Reference Information
CVE: CVE-2022-3159, CVE-2022-3160, CVE-2022-3161
IAVA: 2022-A-0522-S