OTPulse

Siemens JT Utilities

Monitor | 5.5 | ICS-CERT ICSA-21-194-09 | Jul 13, 2021
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Siemens JT Utilities versions prior to 13.0.2.0 contain improper input handling and null pointer dereference vulnerabilities (CWE-688, CWE-476) that can be triggered when opening specially crafted JT files. The vulnerabilities cause the application to crash or become unresponsive. These vulnerabilities are not remotely exploitable and require user interaction to open a malicious file.

What this means
What could happen
An attacker who tricks an operator into opening a malicious JT file could cause the JT Utilities application to crash or become unresponsive, disrupting the operator's ability to view or work with engineering design files. This could delay troubleshooting or process modifications at your facility.
Who's at risk
Engineering and maintenance staff at any facility using Siemens JT Utilities for design file viewing and management. This affects anyone who receives or handles JT files as part of plant engineering work, including facilities that use JT files for equipment design, process documentation, or CAD interchange.
How it could be exploited
An attacker sends a crafted JT file (via email, USB, or file share) to an operator. When the operator opens the file in JT Utilities, the malicious file content triggers a null pointer dereference or improper input handling, causing the application to crash. The attacker relies on social engineering to convince the operator to open the untrusted file.
Prerequisites
  • User must open a malicious JT file in JT Utilities
  • File must be delivered to the operator (no remote delivery mechanism in the vulnerability itself)
  • User interaction required - operator must consciously open the file
User interaction required to exploit; Attacker must use social engineering to deliver file; Low attack complexity; Application-level denial of service only (not safety-critical unless JT Utilities is part of safety system workflow); Patch available from vendor
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
JT Utilities | <V13.0.2.0 | 13.0.2.0
Remediation & Mitigation
Do now
WORKAROUND: Establish a policy to avoid opening JT files from untrusted or unknown sources; implement user training to recognize and reject suspicious file delivery
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update JT Utilities to version 13.0.2.0 or later
Long-term hardening
HARDENING: Segment engineering workstation networks from operational networks and implement network-level file transfer controls