
Bentley Incorporated : Siemens Clears JT Utilities, JT Open Toolkit Holes

12/30/2021 | 10:37am EDT

In one issue, JTTK library in affected products is vulnerable to an out-of-bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process.

CVE-2021-44430 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.8.

In addition, JTTK library is vulnerable to an out-of-bounds read past the end of an allocated buffer when parsing specially crafted JT files. This could allow an attacker to leak information in the context of the current process.

CVE-2021-44431 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 3.3.

Also, JTTK library is vulnerable to a stack-based buffer overflow while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process.

CVE-2021-44432 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.8.

In another issue, JTTK library contains a use-after-free vulnerability that could be triggered while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process.

CVE-2021-44433 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.8.

In addition, JTTK library is vulnerable to an out-of-bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process.

CVE-2021-44434 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.8.

Also, JTTK library is vulnerable to a stack-based buffer overflow while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process.

CVE-2021-44435 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.8.

In another issue, JTTK library is vulnerable to an out-of-bounds read past the end of an allocated buffer when parsing specially crafted JT files. This could allow an attacker to leak information in the context of the current process.

CVE-2021-44436 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.8.

In addition, JTTK library is vulnerable to an out-of-bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process.

CVE-2021-44437 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.8.

Also, JTTK library is vulnerable to an out-of-bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process.

CVE-2021-44438 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.8.

In another issue, JTTK library in affected products is vulnerable to an out-of-bounds read past the end of an allocated buffer when parsing specially crafted JT files. This could allow an attacker to leak information in the context of the current process.

CVE-2021-44439 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.8.

In addition, JTTK library in affected products is vulnerable to a memory corruption condition while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process.

CVE-2021-44440 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.8.

Also, JTTK library contains an out-of-bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process.

CVE-2021-44441 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.8.

In another issue, JTTK library contains an out-of-bounds write past the fixed-length heap-based buffer while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process.

CVE-2021-44442 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.8.

In addition, JTTK library contains an out-of-bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process.

CVE-2021-44443 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.8.

Also, JTTK library in affected products is vulnerable to an out-of-bounds read past the end of an allocated buffer when parsing specially crafted JT files. This could allow an attacker to leak information in the context of the current process.

CVE-2021-44444 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 3.3.

Finally, JTTK library contains an out-of-bounds write past the fixed-length heap-based buffer while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process.

CVE-2021-44445 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.8.

The product sees use in multiple industrial sectors, and on a global basis.

No known public exploits specifically target these vulnerabilities. These vulnerabilities are not exploitable remotely. However, an attacker with low skill level could leverage these low complexity vulnerabilities.

Siemens has released an update for the following versions:

Siemens identified the following specific workarounds and mitigations users can apply to reduce the risk:

  • Avoid opening untrusted files from unknown sources using JTTK
  • Avoid opening untrusted files from unknown sources in JT Utilities

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for Industrial Security and following the recommendations in the product manuals.

For more information about this issue, see Siemens security advisory SSA-802578.

Disclaimer

Bentley Systems Inc. published this content on 30 December 2021 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 30 December 2021 15:36:04 UTC.


© Publicnow 2021