CVE-2021-44018: 
Siemens JT2Go vulnerability analysis and mitigation

A vulnerability has been identified in JT2Go (All versions < V13.2.0.7), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V13.1 (All versions < V13.1.0.9), Teamcenter Visualization V13.2 (All versions < V13.2.0.7), and Teamcenter Visualization V13.3 (All versions < V13.3.0.1). The plmxmlAdapterSE70.dll library contains a memory corruption vulnerability while parsing specially crafted PAR files (CISA Advisory, Siemens Advisory).

The vulnerability is classified as an out-of-bounds read issue (CWE-125) in the plmxmlAdapterSE70.dll library. It has been assigned a CVSS v3 base score of 7.8 with the vector string AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local access required, low attack complexity, no privileges required, and user interaction needed (ZDI Advisory).

If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code in the context of the current process. The high severity ratings for confidentiality, integrity, and availability impacts indicate potential complete compromise of the affected system (CISA Advisory).

Siemens has released updates to address this vulnerability and recommends updating to the following versions: JT2Go to V13.2.0.7 or later, Solid Edge SE2021 to SE2021MP9 or later, Solid Edge SE2022 to SE2022MP1 or later, Teamcenter Visualization V13.1 to V13.1.0.9 or later, V13.2 to V13.2.0.7 or later, and V13.3 to V13.3.0.1 or later. As a workaround, users should avoid opening untrusted files from unknown sources in affected products (CISA Advisory).