OTPulse

Siemens JT2Go and Teamcenter Visualization (Update B)

Monitor | CVSS 7.8 | ICS-CERT ICSA-21-012-03 | Jan 12, 2021
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Siemens JT2Go and Teamcenter Visualization (all versions before 13.1.0) contain multiple memory corruption vulnerabilities in file parsing logic (CWE-843 XML denial-of-service, CWE-787 out-of-bounds write, CWE-122/121 buffer overflows, CWE-125 out-of-bounds read). These vulnerabilities allow arbitrary code execution when a user opens a malicious file. Versions 13.1.0 and later are only affected by a subset of CVEs (CVE-2020-26989, CVE-2020-26990, CVE-2020-26991). No complete patch is available.

What this means
What could happen
An attacker with local access to a machine running JT2Go or Teamcenter Visualization could execute arbitrary code and gain complete control of that workstation, potentially compromising engineering files and gaining access to the broader plant network.
Who's at risk
This affects engineering teams and CAD operators at any water authority, electric utility, or industrial facility that uses Siemens JT2Go or Teamcenter Visualization for viewing and managing design files. These are desktop tools used by engineers on workstations to review process flow diagrams, piping layouts, electrical schematics, and other design documentation.
How it could be exploited
An attacker would need to trick a user into opening a malicious file (likely a crafted JT or related CAD file) in JT2Go or Teamcenter Visualization. The vulnerable parsing logic could overflow memory or mishandle XML data, allowing the attacker to run code with the same privileges as the application user.
Prerequisites
  • Local file access or ability to deliver a malicious file to a user
  • User interaction required - victim must open a crafted file in the vulnerable application
  • Application must be installed and running on an engineering workstation
Risk factors
  • Local exploitation only (not remotely exploitable)
  • User interaction required
  • No patch available for most versions
  • Affects engineering workstations that may have access to sensitive plant design data
  • Memory corruption vulnerabilities (buffer overflow, out-of-bounds access)
Exploitability
Moderate exploit probability (EPSS 4.1%)
Affected products (4)
4 EOL
Product | Affected Versions | Fix Status
JT2Go: All | < 13.1.0 | No fix (EOL)
Teamcenter Visualization: All | < 13.1.0 | No fix (EOL)
JT2Go: | 13.1.0 (Only affected by CVE-2020-26989, CVE-2020-26990, CVE-2020-26991) | No fix (EOL)
Teamcenter Visualization: | 13.1.0 (Only affected by CVE-2020-26989, CVE-2020-26990, CVE-2020-26991) | No fix (EOL)
Remediation & Mitigation
Do now
  • WORKAROUND: Restrict file downloads and file-sharing capabilities on engineering workstations; require users to validate file sources before opening in JT2Go or Teamcenter Visualization
  • WORKAROUND: Disable automatic file preview or opening in these applications if available; require manual user action to execute files
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HOTFIX: Upgrade JT2Go to version 13.1.0 or later (if available for your specific CVE set) or migrate to a patched alternative CAD visualization tool
  • HOTFIX: Upgrade Teamcenter Visualization to version 13.1.0 or later (if available for your specific CVE set) or migrate to a patched alternative
Mitigations - no patch available
The following products have reached End of Life with no planned fix: JT2Go (all versions before 13.1.0), Teamcenter Visualization (all versions before 13.1.0), JT2Go 13.1.0, and Teamcenter Visualization 13.1.0. Apply the following compensating controls:
  • HARDENING: Segment engineering workstations from the production control network using firewalls and VLANs to limit lateral movement if a workstation is compromised
  • HARDENING: Implement endpoint detection and response (EDR) or antivirus on engineering workstations to detect malicious code execution