CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-32637

Medium Severity
SVRS
30/100
CVSSv3
NA/10
EPSS
0.00031/1

CVE-2024-32637 is a critical vulnerability affecting JT2Go and Teamcenter Visualization. This null pointer dereference issue arises when parsing malicious X_T files, potentially leading to application crashes and denial of service. Specifically, versions of JT2Go below V2312.0005, Teamcenter Visualization V14.2 below V14.2.0.12, V14.3 below V14.3.0.10, and V2312 below V2312.0005 are vulnerable. Although the CVSS score is 0, the presence of this vulnerability allows attackers to disrupt application availability. While SOCRadar's SVRS score is 30, indicating a moderate risk currently, organizations should still apply the necessary patches. This vulnerability can cause significant operational disruptions, underscoring the importance of promptly updating affected systems. Failing to patch this exploit could enable attackers to repeatedly crash the application, causing service unavailability.

TAGS
In The Wild
VECTOR STRING
PUBLICATION DATE2024-05-14
LAST MODIFIED2024-08-13
Eye Icon
SOCRadar
AI Insight

Description

CVE-2024-32637 is a vulnerability with a CVSS score of 0, indicating a low severity level. However, SOCRadar's unique 'SOCRadar Vulnerability Risk Score' (SVRS) assigns it a score of 30, highlighting the potential for exploitation.

Key Insights

  • Active Exploitation: The vulnerability is actively exploited in the wild, posing an immediate threat to organizations.
  • Low CVSS Score: Despite the low CVSS score, the SVRS score of 30 indicates that the vulnerability may have significant consequences if exploited.
  • Unknown Description: The lack of a detailed description for this CVE makes it challenging to assess its full impact and potential mitigation strategies.
  • Threat Actors: Information on specific threat actors or APT groups actively exploiting this vulnerability is currently unavailable.

Mitigation Strategies

  • Apply Patches: As soon as a patch becomes available, apply it promptly to all affected systems.
  • Monitor Network Traffic: Implement network monitoring tools to detect and block suspicious activity that may indicate exploitation attempts.
  • Educate Users: Raise awareness among users about the vulnerability and encourage them to practice good cybersecurity hygiene.
  • Consider Additional Security Measures: Explore additional security measures, such as intrusion detection systems (IDS) or web application firewalls (WAF), to enhance protection against potential exploitation.

Additional Information

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

CVE-2024-32637 | Siemens Parasolid X_T File null pointer dereference (ssa-046364)
vuldb.com2025-03-30
CVE-2024-32637 | Siemens Parasolid X_T File null pointer dereference (ssa-046364) | A vulnerability was found in Siemens Parasolid. It has been classified as problematic. Affected is an unknown function of the component X_T File Handler. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2024-32637. It is possible to launch the attack remotely. There is no
vuldb.com
rss
forum
news
Vulnerability Summary for the Week of May 13, 2024
CISA2024-05-20
; The Themify Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's themify_button shortcode in all versions up to, and including, 2.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-05-14 <a href="https://nvd.nist.gov/cvss.cfm?version=2&amp;name=CVE-2024-4567&amp;vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" target="_blank" title
cve-2023-52695
cve-2024-4231
cve-2024-4968
cve-2024-4666

Social Media

CVE-2024-32637 A vulnerability has been identified in Parasolid V35.1 (All versions &lt; V35.1.256), Parasolid V36.0 (All versions &lt; V36.0.208), Parasolid V36.1 (All versions &lt; V36.1.1… https://t.co/yPYw0YiiZi
0
0
0

Affected Software

No affected software found for this CVE

References

ReferenceLink
[email protected]https://cert-portal.siemens.com/productcert/html/ssa-046364.html
[email protected]https://cert-portal.siemens.com/productcert/html/ssa-046364.html
[email protected]https://cert-portal.siemens.com/productcert/html/ssa-856475.html

CWE Details

CWE IDCWE NameDescription
CWE-476NULL Pointer DereferenceA NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence