CVE-2022-41662: 
Siemens JT2Go vulnerability analysis and mitigation

A vulnerability (CVE-2022-41662) was identified in JT2Go (versions before V14.1.0.4) and multiple versions of Teamcenter Visualization (V13.2, V13.3, V14.0, V14.1). The vulnerability involves an out-of-bounds read issue when parsing CGM files (NVD, CISA).

The vulnerability is classified as an out-of-bounds read (CWE-125) issue that occurs during CGM file parsing. It received a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local attack vector, low attack complexity, no privileges required, and user interaction required (NVD).

If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code in the context of the current process, potentially leading to full system compromise (CISA).

Siemens has released updates to address this vulnerability and recommends updating to the following versions: JT2Go V14.1.0.4 or later, Teamcenter Visualization V14.1.0.4 or later, V14.0.0.3 or later, and V13.3.0.7 or later. As a workaround, users should not open untrusted CGM files in JT2Go and Teamcenter Visualization (CISA).