OTPulse

Siemens JT2Go and Teamcenter Visualization

Action: Plan Patch
CVSS: 7.8
Source: ICS-CERT ICSA-22-132-09
Published: May 10, 2022
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Siemens JT2Go and Teamcenter Visualization contain multiple file parsing vulnerabilities in CGM, TIFF, and TG4 file handling. A user tricked into opening a malicious file could cause the application to crash or potentially execute arbitrary code. Affected versions: JT2Go before v13.3.0.3, Teamcenter Visualization v13.3 before v13.3.0.3, and Teamcenter Visualization v14.0 before v14.0.0.1.

What this means
What could happen
An attacker could trick an engineer or operator into opening a malicious document file, allowing the attacker to run arbitrary code on the workstation and potentially access or modify design data, plant configurations, or other sensitive information stored on the machine.
Who's at risk
Engineering and design teams who use Siemens JT2Go or Teamcenter Visualization to view and manage 3D design models and plant documentation. This includes design engineers, process engineers, and operators who may review CAD files, process diagrams, or technical drawings in CGM, TIFF, or TG4 format.
How it could be exploited
An attacker sends or hosts a malicious CGM, TIFF, or TG4 file and social engineers a user (via email, file sharing, or web link) to open it in JT2Go or Teamcenter Visualization. When opened, the file parsing vulnerability triggers, allowing code execution on the user's workstation.
Prerequisites
  • User interaction required: the file must be opened in the affected application by an engineer or authorized user
  • Attacker ability to deliver a malicious file via email, download link, or removable media
  • Local system access only—not remotely exploitable over the network
Key characteristics
  • User interaction required (social engineering)
  • File parsing vulnerability in multiple formats
  • Low EPSS score (0.4%)
  • Not remotely exploitable over network
  • No known public exploits
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (3), 3 with fix

Product                           Affected Versions   Fix Status
JT2Go                             < V13.3.0.3         13.3.0.3
Teamcenter Visualization V13.3    < V13.3.0.3         13.3.0.3
Teamcenter Visualization V14.0    < V14.0.0.1         14.0.0.1
Remediation & Mitigation

Do now
WORKAROUND: Do not open untrusted files (CGM, TIFF, TG4) from unknown sources in affected products.

Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption.

JT2Go
HOTFIX: Update JT2Go to version 13.3.0.3 or later.
Teamcenter Visualization V13.3
HOTFIX: Update Teamcenter Visualization v13.3 to version 13.3.0.3 or later.
Teamcenter Visualization V14.0
HOTFIX: Update Teamcenter Visualization v14.0 to version 14.0.0.1 or later.

Long-term hardening
HARDENING: Train users to avoid clicking web links and opening unsolicited attachments in email.