OTPulse

Siemens JTTK and JT Utilities

Plan Patch | CVSS 7.8 | ICS-CERT ICSA-21-350-08 | Dec 14, 2021
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

JT Open Toolkit (JTTK) before V11.0.3.0 and JT Utilities before V13.0.3.0 contain multiple vulnerabilities (CWE-787 buffer overflow, CWE-416 use-after-free, CWE-125 out-of-bounds read) that can be triggered when the application reads a maliciously crafted JT file. If a user opens a malicious JT file, the application may crash or arbitrary code may be executed with the privileges of the user running the application.

What this means
What could happen
An attacker could trick an engineer or operator into opening a malicious JT file, causing the affected application to crash or potentially execute arbitrary code with the user's privileges. This could disrupt engineering workflows or, if the application runs with elevated privileges, compromise plant automation systems.
Who's at risk
Engineering teams and plant technicians who use Siemens JT Open Toolkit or JT Utilities to view and work with JT CAD/CAM files in design, maintenance, and asset management workflows. This includes facilities that rely on JT files for 3D model visualization of plant layouts, equipment, and industrial assets.
How it could be exploited
An attacker crafts a malicious JT file and tricks a user (engineer, operator, or technician) into opening it with JTTK or JT Utilities. The file triggers a buffer overflow, use-after-free, or out-of-bounds read vulnerability in the file parser, causing a crash or code execution in the context of the user running the application.
Prerequisites
  • User interaction required: the victim must open a malicious JT file
  • Access to deliver the malicious file to the target user (email, file share, USB, etc.)
  • JTTK or JT Utilities must be installed on the affected system
Requires user interaction (social engineering vector)
Low complexity exploit
Affects engineering workstations with potential access to OT systems
Default risk: file format is commonly exchanged between trusted parties
Exploitability
Low exploit probability (EPSS 0.7%)
Affected products (2)
2 with fix
Product        Affected Versions   Fix Status
JT Utilities   <V13.0.3.0          13.0.3.0
JTTK           <V11.0.3.0          11.0.3.0
Remediation & Mitigation
Do now
WORKAROUND: Train users to avoid opening JT files from untrusted or unknown sources; implement policy requiring validation of JT files before opening
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

JT Utilities
HOTFIX: Update JT Utilities to version 13.0.3.0 or later
JTTK
HOTFIX: Update JTTK to version 11.0.3.0 or later
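
Added example (not part of the advisory or of any Siemens tooling): a Python check that triages a software inventory against the two fixed versions listed in this advisory, comparing version components numerically so that a build such as 13.0.10.0 is not misread as older than 13.0.3.0. The inventory layout, hostnames and sample version strings are constructed assumptions.

```python
import re

# Fixed versions, taken from this advisory's affected-products table.
FIXED = {
    "JT Utilities": (13, 0, 3, 0),
    "JTTK": (11, 0, 3, 0),
}

def parse_version(text):
    """Parse 'V13.0.2.1' or '11.1' into a 4-part int tuple; None if unparseable."""
    m = re.fullmatch(r"\s*[Vv]?(\d+(?:\.\d+){0,3})\s*", text)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))  # pad short versions with zeros

def triage(inventory):
    """Classify (host, product, version) rows as vulnerable, fixed or unknown."""
    findings = []
    for host, product, version in inventory:
        fixed = FIXED.get(product)
        parsed = parse_version(version)
        if fixed is None or parsed is None:
            # Product not covered here, or version string needs manual review.
            status = "unknown"
        elif parsed < fixed:  # tuple comparison is numeric per component
            status = "vulnerable"
        else:
            status = "fixed"
        findings.append((host, product, version, status))
    return findings

# Constructed sample inventory (assumption: hostnames and versions are made up).
SAMPLE = [
    ("eng-ws-01", "JT Utilities", "V13.0.2.0"),
    ("eng-ws-02", "JT Utilities", "13.0.10.0"),
    ("eng-ws-03", "JTTK", "V11.0.2.5"),
    ("eng-ws-04", "JTTK", "11.1"),
    ("eng-ws-05", "JTTK", "unknown build"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print("%-10s %-13s %-14s %s" % row)
```

Rows reported as unknown should be checked by hand rather than assumed patched.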
Long-term hardening
HARDENING: Segment engineering workstations on a protected network; restrict file transfer mechanisms (email, USB) where possible; implement application whitelisting or sandboxing for file preview
Siemens JTTK and JT Utilities | CVSS 7.8 - OTPulse