Siemens JT2Go and Teamcenter Visualization
Plan Patch | 7.8 | ICS-CERT ICSA-21-147-04 | May 27, 2021
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
JT2Go and Teamcenter Visualization contain multiple buffer overflow and out-of-bounds read vulnerabilities (CWE-822, CWE-125, CWE-121) in their handling of JT 3D model files. These vulnerabilities can be exploited through a specially crafted JT file that, when opened by a user, could lead to arbitrary code execution or disclosure of sensitive information from the workstation memory. The vulnerabilities require local file access and user interaction—an attacker must convince a user to open a malicious JT file.
What this means
What could happen
An attacker with local access could trick an operator into opening a malicious JT file, leading to arbitrary code execution on the workstation. This could allow unauthorized access to engineering data or compromise of the visualization/design system.
Who's at risk
Engineering and design teams using JT2Go or Teamcenter Visualization for 3D model review and collaboration. This primarily affects workstations in design departments, engineering firms, and organizations that use Siemens PLM software for product visualization and manufacturing planning.
How it could be exploited
An attacker crafts a malicious JT file (a 3D model file format) and socially engineers an operator into opening it in JT2Go or Teamcenter Visualization. The application fails to properly validate the file contents, so parsing the file triggers a buffer overflow or out-of-bounds read, which can result in arbitrary code execution on the workstation with the privileges of the logged-in user.
Prerequisites
- Local file system access or the ability to deliver a file to the target user
- User interaction required: victim must open the malicious JT file
- JT2Go or Teamcenter Visualization software installed on workstation
- Local exploitation only (requires file delivery and user interaction)
- User interaction required
- Low attack complexity
- Affects engineering/design systems
Exploitability
Moderate exploit probability (EPSS 1.0%)
Affected products (2), 2 with fix

| Product | Affected Versions | Fix Status |
|---|---|---|
| JT2Go | < V13.1.0.2 | 13.1.0.2 |
| Teamcenter Visualization | < V13.1.0.2 | 13.1.0.2 |
Remediation & Mitigation
Do now
WORKAROUND: Instruct users not to open JT files from untrusted sources or unknown senders
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
JT2Go
HOTFIX: Update JT2Go to version 13.1.0.2 or later
Teamcenter Visualization
HOTFIX: Update Teamcenter Visualization to version 13.1.0.2 or later
All products
HARDENING: Configure email security to block or quarantine JT file attachments from external sources
Long-term hardening
HARDENING: Implement network segmentation to restrict where these applications can receive files from (e.g., block direct file transfer from internet to engineering workstations)