Siemens JT2Go and Teamcenter Visualization

Plan Patch7.8ICS-CERT ICSA-21-350-10Dec 14, 2021

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

Multiple memory safety vulnerabilities (CWE-787, CWE-457, CWE-125, CWE-193, CWE-416) in JT2Go and Teamcenter Visualization versions prior to 13.2.0.5 can be triggered by parsing maliciously crafted files in PDF, JT, TIFF, CGM, or TIF formats. Successful exploitation requires a user to open the malicious file, but could result in application crash or arbitrary code execution with user privileges. No public exploits are currently known, and these vulnerabilities are not remotely exploitable.

What this means

What could happen

An attacker who tricks a user into opening a maliciously crafted file (PDF, JT, TIFF, CGM, or TIF) in JT2Go or Teamcenter Visualization could crash the application or execute arbitrary code on the user's workstation, potentially compromising engineering data or control system design files.

Who's at risk

Engineering and CAD teams who use JT2Go or Teamcenter Visualization to view design models. This includes Siemens automation engineers, control system integrators, and facility design staff who handle CAD files, technical drawings, and product documentation. The risk is highest for personnel who receive files from external consultants, vendors, or partners.

How it could be exploited

An attacker sends a user a malicious file via email or file share disguised as a legitimate CAD model, PDF, or image. When the user opens it with JT2Go or Teamcenter Visualization, a buffer overflow or use-after-free flaw in the file parser triggers code execution with the privileges of the logged-in user.

Prerequisites

User must open a maliciously crafted file (PDF, JT, TIFF, CGM, or TIF) with JT2Go or Teamcenter Visualization
Social engineering or file delivery mechanism (email, USB, file share) to reach the user
No special privileges or network access required on the target system

Low complexity exploitationUser interaction required (file must be opened)Affects workstations with engineering design toolsLocal code execution possibleSocial engineering attack vector

Exploitability

Low exploit probability (EPSS 0.6%)

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

JT2Go<V13.2.0.513.2.0.5

Teamcenter Visualization<V13.2.0.513.2.0.5

Remediation & Mitigation

0/5

Do now

0/1

JT2Go

WORKAROUNDRestrict users from opening files from untrusted sources or unknown origins in JT2Go and Teamcenter Visualization

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

JT2Go

HOTFIXUpdate JT2Go to version 13.2.0.5 or later

Teamcenter Visualization

HOTFIXUpdate Teamcenter Visualization to version 13.2.0.5 or later

Long-term hardening

0/2

JT2Go

HARDENINGSegment engineering workstations running JT2Go or Teamcenter Visualization from general IT networks

All products

HARDENINGImplement file transfer controls (e.g., block certain file types via email gateway) for PDF, JT, TIFF, CGM, and TIF files from external sources

CVEs (16)

CVE-2021-44001 CVE-2021-44002 CVE-2021-44003 CVE-2021-44004 CVE-2021-44005 CVE-2021-44006 CVE-2021-44014 CVE-2021-44017 CVE-2021-44007 CVE-2021-44008 CVE-2021-44009 CVE-2021-44010 CVE-2021-44011 CVE-2021-44012 CVE-2021-44013 CVE-2021-44015

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/19c7b50b-147f-42d5-bc22-4ca3a7715a25