OTPulse

Siemens NX JT Translator

Low Risk 3.3
ICS-CERT ICSA-21-315-12
Nov 9, 2021
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Siemens NX 1980 Series (versions before v1984) contains an out-of-bounds read vulnerability (CWE-125) in the JT file parser. When a user opens a malicious JT file, the application reads memory beyond allocated boundaries, potentially causing an access violation or arbitrary code execution on the engineering workstation.

What this means
What could happen
A user who opens a malicious JT file on an NX workstation could allow an attacker to execute arbitrary code on that machine with the privileges of the user. This could compromise design data, control system models, or provide a foothold into the engineering network.
Who's at risk
Design engineers and CAD operators who use Siemens NX 1980 Series on engineering workstations. This includes anyone in the design, manufacturing, or plant engineering departments who receives or uses JT files from external or untrusted sources.
How it could be exploited
An attacker crafts a malicious JT file and tricks an engineer into opening it using NX (via email, file sharing, or supply chain compromise). The vulnerable JT parser reads beyond buffer boundaries when processing the file, triggering code execution on the workstation where NX is running.
Prerequisites
  • User with NX installed (v1980 Series before v1984)
  • User must open a malicious JT file
  • Social engineering or delivery vector to get the file to the user
  • Requires user interaction (file open)
  • Affects engineering workstations not directly controlling equipment
  • Low complexity exploitation
  • Social engineering vector
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
Product: NX 1980 Series
Affected Versions: <V1984
Fix Status: 1984
Remediation & Mitigation
Do now
WORKAROUND: Train users not to open JT files from unknown or untrusted sources, including email attachments and unsolicited downloads
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update NX 1980 Series to version v1984 or later
Long-term hardening
HARDENING: Implement email filtering and attachment controls to block or quarantine JT files from external senders
HARDENING: Restrict file import sources and establish a trusted file repository for engineering teams
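
One way to express the email attachment control above, as an added example that is not part of the advisory or any Siemens tooling. It assumes a hypothetical internal mail domain (plant.example), matches JT files by the .jt extension, and also looks inside ZIP attachments; the sample messages are constructed.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

INTERNAL_DOMAINS = {"plant.example"}  # assumption: the organisation's own mail domains
BLOCKED_EXT = ".jt"

def jt_names(filename, payload):
    """List JT files carried by one attachment, including members of a ZIP archive."""
    if filename.lower().endswith(BLOCKED_EXT):
        return [filename]
    buf = io.BytesIO(payload)
    if zipfile.is_zipfile(buf):
        with zipfile.ZipFile(buf) as zf:
            return [f"{filename}!{n}" for n in zf.namelist()
                    if n.lower().endswith(BLOCKED_EXT)]
    return []

def verdict(raw):
    """Return ("quarantine", hits) for external mail carrying JT files, else ("deliver", [])."""
    msg = message_from_bytes(raw, policy=policy.default)
    sender = msg["From"].addresses if msg["From"] else ()
    # From is spoofable; a production gateway should judge "external" from the
    # connection or authentication results. A missing From is treated as external.
    internal = bool(sender) and sender[0].domain.lower() in INTERNAL_DOMAINS
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        if name and not part.is_multipart():
            hits += jt_names(name, part.get_payload(decode=True) or b"")
    return ("quarantine", hits) if hits and not internal else ("deliver", [])

def sample(sender, filename, payload):
    """Build a constructed test message (not real traffic)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "cad@plant.example", "Updated model"
    m.set_content("See attached.")
    m.add_attachment(payload, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

def zipped(member):
    """Build a constructed ZIP archive holding one placeholder member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"constructed placeholder bytes")
    return buf.getvalue()

if __name__ == "__main__":
    print(verdict(sample("vendor@supplier.example", "bracket.JT", b"constructed")))
    print(verdict(sample("vendor@supplier.example", "parts.zip", zipped("models/arm.jt"))))
```

Extension matching does not catch a JT file that has been renamed, so this control complements the update to v1984 rather than replacing it.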