Siemens NX OBJ Translator

Plan Patch7.8ICS-CERT ICSA-21-315-08Nov 9, 2021

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

Siemens NX contains two memory safety vulnerabilities (CWE-416: use-after-free, CWE-824: out-of-bounds access) that are triggered when the application reads OBJ (3D object) files. If a user opens a malicious OBJ file, it could cause an access violation or arbitrary code execution on the host system. The vulnerabilities affect NX 1953 Series versions before 1973.3700 and NX 1980 Series versions before 1988.

What this means

What could happen

An attacker could craft a malicious OBJ file that, when opened in Siemens NX, crashes the application or executes arbitrary code on the engineering workstation. This could compromise design data, introduce malicious modifications to CAD models, or use the workstation as a pivot point into your network.

Who's at risk

Siemens NX users in design and engineering departments, particularly those who receive CAD files from external sources, customers, or suppliers. Affects organizations using NX 1953 Series (before v1973.3700) or NX 1980 Series (before v1988) on Windows engineering workstations.

How it could be exploited

An attacker sends or hosts a malicious OBJ file and tricks an engineer into opening it with NX (via email, file sharing, or compromised repository). When the file is opened, the application reads the malicious content and either crashes or executes the attacker's code with the same privileges as the NX user.

Prerequisites

User must manually open a malicious OBJ file in Siemens NX
File must be crafted to trigger memory safety vulnerability (use-after-free or out-of-bounds access)
Applies only to unpatched NX 1953 Series (before v1973.3700) or NX 1980 Series (before v1988)

Low attack complexity (malicious OBJ file triggers vulnerability automatically)Requires user interaction (social engineering to open file)High impact if exploited (code execution on engineering workstation)Not remotely exploitable (file must be manually opened)No authentication required

Exploitability

Low exploit probability (EPSS 0.6%)

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

NX 1953 Series<V1973.37001973.3700

NX 1980 Series<V19881988

Remediation & Mitigation

0/5

Do now

0/2

WORKAROUNDInstruct users to avoid opening OBJ files from untrusted sources or unknown senders

WORKAROUNDDisable automatic file preview or opening of OBJ files if possible within NX settings

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

NX 1953 Series

HOTFIXUpdate NX 1953 Series to version 1973.3700 or later

NX 1980 Series

HOTFIXUpdate NX 1980 Series to version 1988 or later

Long-term hardening

0/1

HARDENINGRestrict network access to engineering workstations and use firewall rules to limit inbound file transfer protocols

CVEs (2)

CVE-2021-41535 CVE-2021-41538

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/7b1c9872-f300-4672-ba2a-d0abfae0d426