CVE-2020-26999: 
Siemens JT2Go vulnerability analysis and mitigation

A vulnerability has been identified in JT2Go (All versions < V13.1.0.2) and Teamcenter Visualization (All versions < V13.1.0.2). The affected applications lack proper validation of user-supplied data when parsing PAR files, which could result in a memory access past the end of an allocated buffer (NVD).

The vulnerability is classified as an Out-of-bounds Read (CWE-125) issue. The CVSS v3.1 base score is 7.8 (HIGH) with the vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The specific flaw exists within the parsing of PAR files, where the application fails to properly validate user-supplied data (ZDI, NVD).

An attacker could leverage this vulnerability to leak information and potentially execute arbitrary code in the context of the current process. The vulnerability affects confidentiality, integrity, and availability of the system (ZDI).

Siemens has released updates to address this vulnerability. Users should update to JT2Go v13.1.0.2 or later and Teamcenter Visualization v13.1.0.2 or later. Additionally, it is recommended to limit the opening of untrusted files in systems where these applications are installed (CISA).