Siemens Datalogics File Parsing Vulnerability

Plan Patch7.8ICS-CERT ICSA-22-195-07Jul 12, 2022

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

An out-of-bounds write vulnerability exists in the APDFL library used by Siemens Teamcenter Visualization and JT2Go. When a user opens a malicious PDF file with these products, the vulnerability could cause the application to crash or lead to arbitrary code execution.

What this means

What could happen

An attacker could trick a user into opening a malicious PDF file, causing the Teamcenter Visualization or JT2Go application to crash or allowing the attacker to run arbitrary code on the engineering workstation. This could compromise the integrity of CAD models or designs before they're deployed to manufacturing or control systems.

Who's at risk

Engineering teams and manufacturing personnel who use Siemens JT2Go or Teamcenter Visualization to review CAD models and design files. This includes automotive, aerospace, machinery, and any discrete manufacturing facility that relies on these tools for design review and simulation before deployment to production systems.

How it could be exploited

An attacker sends a malicious PDF file to an engineer or operator. When the user opens the PDF in JT2Go or Teamcenter Visualization, the vulnerable APDFL library fails to properly validate memory bounds during PDF parsing, triggering an out-of-bounds write. This can overwrite adjacent memory and either crash the application or allow code execution in the context of the logged-in user.

Prerequisites

User must open a malicious PDF file using JT2Go or Teamcenter Visualization
No special network access or credentials required
Affected product version must be installed on the workstation

Low complexity attackUser interaction required (social engineering)High impact if exploited (arbitrary code execution)Affects engineering workstations with access to design data

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (3)

3 with fix

ProductAffected VersionsFix Status

JT2Go<V13.3.0.513.3.0.5

Teamcenter Visualization V13.3<V13.3.0.513.3.0.5

Teamcenter Visualization V14.0<V14.0.0.214.0.0.2

Remediation & Mitigation

0/5

Do now

0/2

Teamcenter Visualization V14.0

WORKAROUNDFor Teamcenter Visualization V14.0, restrict users from opening untrusted or externally-sourced PDF files in the application until a patch is available

JT2Go

WORKAROUNDAdvise users to avoid opening PDF files from untrusted sources in JT2Go and Teamcenter Visualization

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

JT2Go

HOTFIXUpdate JT2Go to version 13.3.0.5 or later

Teamcenter Visualization V13.3

HOTFIXUpdate Teamcenter Visualization V13.3 to version 13.3.0.5 or later

Long-term hardening

0/1

HARDENINGIsolate engineering workstations running these tools from the Internet and implement firewall rules to restrict access to trusted networks only

CVEs (1)

CVE-2022-2069

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/d97c9056-3179-4632-bd34-f3bc4631fd2c