Siemens JT Utilities and JT Open Toolkit

Plan Patch7.8ICS-CERT ICSA-21-350-17Dec 14, 2021

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

JT Open Toolkit (JTTK) versions before 11.1.1.0 and JT Utilities versions before 13.1.1.0 contain multiple memory corruption vulnerabilities (buffer overflow, out-of-bounds access, use-after-free) in the JT file parser. When a user opens a specially crafted JT file, these vulnerabilities can cause the application to crash or execute arbitrary code with user privileges. The vulnerabilities are triggered during file parsing and do not require network access or authentication. Siemens has released patches for both products.

What this means

What could happen

If a user opens a maliciously crafted JT file, the affected application could crash, causing loss of design work or process, or an attacker could execute arbitrary code on the engineering workstation with the same privileges as the user.

Who's at risk

Engineering and design teams who use Siemens JT Utilities or JT Open Toolkit to view, create, or modify JT format 3D model files. This affects design offices, CAD/CAM departments, and engineering workstations in manufacturing or process industries that rely on Siemens digital product representations.

How it could be exploited

An attacker sends or hosts a malicious JT file and tricks an operator or engineer into opening it with JT Utilities or JTTK. When the file is opened, the application parses crafted data that triggers a memory corruption vulnerability (buffer overflow or use-after-free), causing either a crash or code execution on the local machine.

Prerequisites

User interaction required: victim must open a malicious JT file
Local file access: the JT file must be readable by the affected application on the target machine
Affected JT Utilities or JTTK version installed on the engineering workstation or design computer

user interaction requiredlow complexity to exploit (malformed file)affects design/engineering workstationsno remote exploitation vector

Exploitability

Low exploit probability (EPSS 0.9%)

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

JT Utilities<V13.1.1.013.1.1.0

JTTK<V11.1.1.011.1.1.0

Remediation & Mitigation

0/4

Do now

0/1

WORKAROUNDDo not open or execute JT files from untrusted or unknown sources without verification

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

JT Utilities

HOTFIXUpdate JT Utilities to version 13.1.1.0 or later

JTTK

HOTFIXUpdate JTTK to version 11.1.1.0 or later

Long-term hardening

0/1

HARDENINGSegment design and engineering workstations from production networks to limit lateral movement if code execution occurs

CVEs (16)

CVE-2021-44438 CVE-2021-44439 CVE-2021-44440 CVE-2021-44441 CVE-2021-44442 CVE-2021-44443 CVE-2021-44430 CVE-2021-44431 CVE-2021-44432 CVE-2021-44433 CVE-2021-44434 CVE-2021-44435 CVE-2021-44436 CVE-2021-44437 CVE-2021-44444 CVE-2021-44445

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/3d35cb44-2870-4c48-8d85-a73863f694b2