CVE-2022-29031: 
Siemens JT2Go vulnerability analysis and mitigation

A null pointer dereference vulnerability (CVE-2022-29031) was discovered in Siemens JT2GO and Teamcenter Visualization software. The vulnerability affects JT2GO versions prior to v13.3.0.3, Teamcenter Visualization v13.3 versions prior to v13.3.0.3, and Teamcenter Visualization v14.0 versions prior to v14.0.0.1 (CISA Advisory).

The vulnerability is classified as CWE-476 (Null Pointer Dereference) and has been assigned a CVSS v3 base score of 3.3. The CVSS vector string is AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L, indicating local access, low attack complexity, no privileges required, user interaction required, and low impact on availability (CISA Advisory).

If exploited, this vulnerability could allow an attacker to crash the application and cause a denial-of-service condition when a user opens a specially crafted malicious file (CISA Advisory).

Siemens has released software updates to address this vulnerability. Users should update to JT2GO v13.3.0.3, Teamcenter Visualization v13.3.0.3, or Teamcenter Visualization v14.0.0.1 as appropriate. As a workaround, users should avoid opening untrusted files from unknown sources in affected products (CISA Advisory).