OTPulse

ICSA-21-040-06_Siemens JT2Go and Teamcenter Visualization (Update A)

Plan Patch | 7.8 | ICS-CERT ICSA-21-040-06 | May 17, 2021
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Siemens JT2Go and Teamcenter Visualization contain buffer overflow and out-of-bounds read vulnerabilities (CWE-821, CWE-125, CWE-121) in the ASM and PAR file parsers. If a user opens a crafted malicious file in these formats, the application may crash or execute arbitrary code on the workstation. The vulnerability requires user interaction but does not require authentication or network connectivity. Siemens has released version 13.1.0.2 to address these issues.

What this means
What could happen
If an operator opens a malicious ASM or PAR file in JT2Go or Teamcenter Visualization, an attacker could execute arbitrary code on the workstation, potentially compromising sensitive design data or gaining access to the engineering network.
Who's at risk
Engineering and design teams using Siemens JT2Go or Teamcenter Visualization for CAD file review on Windows workstations. This affects any organization that creates or reviews mechanical designs, 3D models, or product data files in ASM or PAR formats, including manufacturing, process plants, and engineering consultancies.
How it could be exploited
An attacker crafts a malicious ASM or PAR file and tricks a user into opening it in JT2Go or Teamcenter Visualization. When the file is parsed, a buffer overflow or out-of-bounds read vulnerability is triggered, allowing code execution on the user's workstation with the privileges of the logged-in user.
Prerequisites
  • User interaction required: victim must open a malicious ASM or PAR file
  • Vulnerable version of JT2Go or Teamcenter Visualization installed on a workstation
  • Access to deliver the malicious file to the target user (email, file share, USB, etc.)
  • user interaction required (social engineering vector)
  • low complexity exploitation
  • affects engineering workstations with potential network access
  • no authentication required to exploit once file is opened
  • buffer overflow and out-of-bounds read vulnerabilities
Exploitability
Moderate exploit probability (EPSS 1.0%)
Affected products (2)
2 with fix
Product | Affected Versions | Fix Status
JT2Go | <V13.1.0.2 | 13.1.0.2
Teamcenter Visualization | <V13.1.0.2 | 13.1.0.2
Remediation & Mitigation
Do now
WORKAROUND: Implement file transfer controls to block or warn users before opening ASM and PAR files from untrusted sources
WORKAROUND: Conduct user awareness training on email phishing and social engineering attacks targeting file delivery
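
One way to implement the file transfer control from the first workaround, as an added example that is not part of the advisory or any Siemens tooling: it screens an inbound file, including the contents of ZIP archives, for the ASM and PAR extensions so a gateway or drop folder can hold it. The names `screen` and `_zip`, the nesting and size limits, and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

BLOCKED_EXT = {".asm", ".par"}   # formats named in the advisory
MAX_DEPTH = 3                    # assumption: archive nesting limit
MAX_MEMBER = 50 * 1024 * 1024    # assumption: do not unpack members over 50 MiB


def screen(name, data, prefix="", depth=0):
    """Return (path, reason) findings for one inbound file given as bytes."""
    path, findings = prefix + name, []
    ext = PurePosixPath(name.replace("\\", "/")).suffix.lower()  # case-insensitive
    if ext in BLOCKED_EXT:
        findings.append((path, "blocked extension " + ext))
    # Detect ZIP containers by content so a renamed archive is still opened.
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return findings
    if depth >= MAX_DEPTH:
        return findings + [(path, "archive nested too deep to inspect")]
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                # Encrypted or oversized members: check the name, skip the content.
                skip = bool(info.flag_bits & 0x1) or info.file_size > MAX_MEMBER
                body = b"" if skip else zf.read(info)
                findings += screen(info.filename, body, path + "!", depth + 1)
                if skip:
                    findings.append((path + "!" + info.filename, "content not inspected"))
    except zipfile.BadZipFile:
        findings.append((path, "corrupt archive"))
    return findings


def _zip(members):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member_name, content in members.items():
            zf.writestr(member_name, content)
    return buf.getvalue()

# Constructed sample: a ZIP with a PAR file and a nested ZIP holding an ASM file.
SAMPLE = _zip({"parts/bracket.PAR": b"constructed", "readme.txt": b"constructed",
               "inner.zip": _zip({"top.asm": b"constructed"})})

if __name__ == "__main__":
    print(*screen("drawings.zip", SAMPLE), sep="\n")
```

The `.asm` extension is also used for assembly source files, so a warn-and-hold action fits better than silent deletion where developers share the same transfer path.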
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

JT2Go
HOTFIX: Update JT2Go to version 13.1.0.2 or later
Teamcenter Visualization
HOTFIX: Update Teamcenter Visualization to version 13.1.0.2 or later
Long-term hardening
HARDENING: Segment engineering workstations from the general IT network and restrict file sharing capabilities