CVE-2022-29029: 
Siemens JT2Go vulnerability analysis and mitigation

A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), and Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The vulnerability exists in the CGMNISTLoader.dll component, which contains a null pointer dereference vulnerability while parsing specially crafted CGM files (CISA, NVD).

The vulnerability is classified as a NULL Pointer Dereference (CWE-476). The CVSS v3.1 base score is 5.5 MEDIUM with the vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H. The vulnerability requires local access and user interaction to exploit, but does not require privileges (NVD).

An attacker could leverage this vulnerability to crash the application, causing a denial-of-service condition. The vulnerability affects the availability of the system but does not impact confidentiality or integrity (CISA).

Siemens has released updates to address this vulnerability. Users should update to the following versions: JT2GO: Update to v13.3.0.3, Teamcenter Visualization v13.3: Update to v13.3.0.3, Teamcenter Visualization v14.0: Update to v14.0.0.1. As a general security measure, Siemens recommends avoiding opening untrusted files from unknown sources in affected products (CISA).