Siemens JTTK and JT Utilities

Plan Patch7.8ICS-CERT ICSA-21-350-20Dec 14, 2021

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

JTTK before version 10.8.1.1 and JT Utilities before version 12.8.1.1 contain buffer overflow and out-of-bounds read vulnerabilities (CWE-787, CWE-125) triggered by maliciously crafted JT files. When a user opens an affected file in the vulnerable software, the application may crash or arbitrary code may be executed with user privileges. These vulnerabilities are not remotely exploitable and require user interaction.

What this means

What could happen

An attacker who tricks a user into opening a malicious JT file could crash the application or execute arbitrary code on the user's workstation with the same privileges as the user running the software.

Who's at risk

Any organization using Siemens JT Open Toolkit (JTTK) or JT Utilities for CAD file viewing, particularly engineering teams that work with 3D design files. This includes manufacturing, process automation, and utilities sectors that use Siemens tools for plant design and documentation.

How it could be exploited

An attacker sends a crafted JT file (likely via email or a malicious website) to a user who has JTTK or JT Utilities installed. When the user opens the file with the affected software, the malicious content triggers a buffer overflow or out-of-bounds read that either crashes the application or allows code execution. This requires user interaction—the file must be opened manually.

Prerequisites

User must open a malicious JT file
Affected version of JTTK or JT Utilities must be installed and associated with .jt files
User must have permissions to execute code on their workstation

User interaction requiredLow exploitation complexityNo patch available yet for all usersOut-of-bounds memory access

Exploitability

Low exploit probability (EPSS 0.4%)

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

JT Utilities<V12.8.1.112.8.1.1

JTTK<V10.8.1.110.8.1.1

Remediation & Mitigation

0/5

Do now

0/1

WORKAROUNDDo not open JT files from untrusted sources or unknown senders

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

JT Utilities

HOTFIXUpdate JT Utilities to version 12.8.1.1 or later

JTTK

HOTFIXUpdate JTTK to version 10.8.1.1 or later

Long-term hardening

0/2

HARDENINGEducate users to verify the source of JT files before opening them

HARDENINGConfigure email and web filters to block or quarantine .jt files from external sources

CVEs (2)

CVE-2021-44450 CVE-2021-44449

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/3bee291c-8f91-4423-a771-9328d68f127f