Open Design Alliance Drawings SDK
Plan: Patch · CVSS 7.8 · ICS-CERT ICSA-22-195-11 · Jul 12, 2022
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
JT2Go and Teamcenter Visualization are affected by multiple file parsing vulnerabilities in the Open Design Alliance Drawings SDK, the component that handles DWG files. If a user opens a malicious DWG file with any of the affected products, the application could crash or potentially allow arbitrary code execution. The vulnerabilities are in the Drawings SDK components and are triggered during file parsing when a specially crafted DWG is opened.
What this means
What could happen
If an operator opens a malicious DWG file, the affected Siemens visualization software could crash, become unresponsive, or allow an attacker to execute arbitrary code on the engineering workstation. This could disrupt engineering operations or compromise the integrity of design files.
Who's at risk
Engineering and design teams who use Siemens JT2Go or Teamcenter Visualization software to view or edit AutoCAD drawing files (DWG format). This includes utilities with CAD-based design workflows for industrial equipment, infrastructure, and control system diagrams.
How it could be exploited
An attacker sends a malicious DWG (AutoCAD drawing) file to an operator via email or file share. When the operator opens the file in JT2Go or Teamcenter Visualization to review or edit drawings, the application crashes or executes the attacker's code on the workstation. The attacker gains the same privileges as the user running the application.
Prerequisites
- User must open a malicious DWG file using an affected Siemens product
- DWG file must be crafted to exploit a specific file parsing vulnerability in the Open Design Alliance Drawings SDK
- Low complexity attack
- User interaction required (opening malicious file)
- No authentication required to exploit
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (5)
5 with fix
Product | Affected Versions | Fix Status
JT2Go | < V13.3.0.5 | Fixed in 13.3.0.5
Teamcenter Visualization V12.4 | < V12.4.0.15 | Fixed in 12.4.0.15
Teamcenter Visualization V13.2 | < V13.2.0.9 | Fixed in 13.2.0.9
Teamcenter Visualization V13.3 | < V13.3.0.5 | Fixed in 13.3.0.5
Teamcenter Visualization V14.0 | < V14.0.0.2 | Fixed in 14.0.0.2
Remediation & Mitigation
Do now
WORKAROUND: Train operators not to open DWG files from untrusted sources; restrict file sharing to authorized channels only
HARDENING: Implement email filtering and attachment controls to block or quarantine DWG files from external senders
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
JT2Go
HOTFIX: Update JT2Go to version 13.3.0.5 or later
Teamcenter Visualization V12.4
HOTFIX: Update Teamcenter Visualization V12.4 to version 12.4.0.15 or later
Teamcenter Visualization V13.2
HOTFIX: Update Teamcenter Visualization V13.2 to version 13.2.0.9 or later
Teamcenter Visualization V13.3
HOTFIX: Update Teamcenter Visualization V13.3 to version 13.3.0.5 or later
Teamcenter Visualization V14.0
HOTFIX: Update Teamcenter Visualization V14.0 to version 14.0.0.2 or later
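The two controls above (quarantining DWG attachments from external senders, and patching to the fixed builds) both depend on checks that are easy to get wrong: extension-only filters miss renamed files, and string comparison of version numbers misorders "13.3.0.10" against "13.3.0.5". The following is an added example, not code from the advisory or from Siemens; the product names and fixed versions come from the table above, the DWG header check relies on the "AC10xx" version tag at the start of DWG files, and the sample attachments are constructed.

```python
import re

# Fixed versions per product line, taken from the advisory's affected-products table.
FIXED_VERSIONS = {
    "JT2Go": "13.3.0.5",
    "Teamcenter Visualization V12.4": "12.4.0.15",
    "Teamcenter Visualization V13.2": "13.2.0.9",
    "Teamcenter Visualization V13.3": "13.3.0.5",
    "Teamcenter Visualization V14.0": "14.0.0.2",
}


def parse_version(v):
    """Turn '13.3.0.5' or 'V13.3.0.5' into a tuple of ints so that
    comparison is numeric per component, not lexicographic."""
    return tuple(int(p) for p in v.strip().lstrip("Vv").split("."))


def is_affected(product, installed):
    """True when the installed build is older than the fixed version.
    Product lines not in the table are outside this advisory's scope."""
    fixed = FIXED_VERSIONS.get(product)
    if fixed is None:
        raise KeyError(f"{product} is not listed in this advisory")
    return parse_version(installed) < parse_version(fixed)


# Modern DWG files begin with a six-byte version tag such as AC1015, AC1018 or AC1032.
DWG_MAGIC = re.compile(rb"^AC10\d\d")


def looks_like_dwg(data):
    """Content-based DWG check that does not trust the file extension."""
    return bool(DWG_MAGIC.match(data[:6]))


def classify_attachment(name, data, external_sender):
    """Attachment policy for the HARDENING item: quarantine DWG content from
    external senders, whether flagged by extension or by file header."""
    if external_sender and (looks_like_dwg(data) or name.lower().endswith(".dwg")):
        return "quarantine"
    return "allow"


# Constructed sample: a DWG header padded with zeros, delivered as a renamed .pdf.
SAMPLE_DWG = b"AC1032" + b"\x00" * 26

if __name__ == "__main__":
    print(is_affected("JT2Go", "V13.3.0.4"))                      # True
    print(classify_attachment("plant.pdf", SAMPLE_DWG, True))     # quarantine
```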
API:
/api/v1/advisories/c673dbb3-3198-47af-b1fd-9a5c76e42725