CVE-2021-44007: 
Siemens JT2Go vulnerability analysis and mitigation

A vulnerability has been identified in JT2Go (All versions < V13.2.0.5) and Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll contains an off-by-one error in the heap while parsing specially crafted TIFF files. This vulnerability was discovered in December 2021 and assigned CVE-2021-44007 (NVD, CISA).

The vulnerability is classified as an off-by-one error (CWE-193) in the heap memory handling within the Tiff_Loader.dll component. The CVSS v3.1 base score is 3.3 MEDIUM, with the vector string AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L, indicating local access required and user interaction needed (CISA).

If exploited, this vulnerability could allow an attacker to cause a denial-of-service condition in the affected applications. The impact is limited to availability, with no direct effect on confidentiality or integrity of the system (CISA).

Siemens has released updates to address this vulnerability. Users should update to JT2Go version 13.2.0.5 or later, and Teamcenter Visualization version 13.2.0.5 or later. As a general security measure, Siemens strongly recommends protecting network access with appropriate mechanisms and following their operational guidelines for industrial security (Siemens Advisory).