OTPulse

Siemens JT Open Toolkit and Simcenter Femap

Plan Patch | CVSS 7.8 | ICS-CERT ICSA-22-286-10 | Oct 11, 2022
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

JT Open Toolkit (JTTK) and Simcenter Femap contain an uninitialized pointer reference vulnerability in the JT file parser (CWE-824). When a user opens a malicious JT file with an affected version, the parser dereferences an uninitialized pointer, which could cause the application to crash or execute arbitrary code with the privileges of the user. The vulnerability requires user interaction to exploit (opening a file) but does not require network access. Siemens has released patched versions for all affected products.

What this means
What could happen
If a user opens a malicious JT file, the application could crash or potentially allow an attacker to execute arbitrary code on the engineering workstation. This could compromise design files, intellectual property, or the integrity of simulation/analysis used for plant operations.
Who's at risk
Engineering and design teams using Siemens JT Open Toolkit or Simcenter Femap for CAD/CAM work, 3D modeling, and simulations. This includes manufacturing engineering departments, process design groups, and anyone who creates or reviews JT format design files for industrial equipment or systems.
How it could be exploited
An attacker creates a malicious JT file and tricks a user into opening it using JTTK or Simcenter Femap (via email attachment, shared drive, or supply chain). When the file is parsed, an uninitialized pointer is dereferenced, causing either a crash or code execution with the privileges of the user running the application.
Prerequisites
  • User must open a malicious JT file with an affected version of JTTK or Simcenter Femap
  • Social engineering or supply chain compromise to deliver the malicious file
  • No special network access required
local code execution possible | user interaction required (social engineering attack vector) | affects engineering workstations and intellectual property | uninitialized pointer flaw (memory safety issue)
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (3)
3 with fix
Product                  | Affected Versions | Fix Status
JTTK                     | <V11.1.1.0        | 11.1.1.0
Simcenter Femap V2022.1  | <V2022.1.3        | 2022.1.3
Simcenter Femap V2022.2  | <V2022.2.2        | 2022.2.2
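
Added example, not part of the advisory or any Siemens tooling: a small triage routine that checks an installed-software inventory against the fixed versions in the table above, comparing each Femap install only against the fix for its own release branch. The inventory rows, host names and the status labels are constructed for illustration.

```python
import re

# Fixed versions from the affected-products table above.
# Key: (product, release branch); branch is None for single-line products.
FIXED = {
    ("JTTK", None): (11, 1, 1, 0),
    ("Simcenter Femap", (2022, 1)): (2022, 1, 3),
    ("Simcenter Femap", (2022, 2)): (2022, 2, 2),
}
BRANCHED = {product for product, branch in FIXED if branch is not None}

def parse_version(text):
    """Turn 'V2022.1.3' or '11.1.0.4' into a tuple of ints."""
    m = re.fullmatch(r"[Vv]?(\d+(?:\.\d+)*)", text.strip())
    if m is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))

def triage(product, version):
    """Return 'affected', 'fixed' or 'not-listed' for one installation."""
    v = parse_version(version)
    # Femap fixes are per branch: 2022.1.3 is patched even though it sorts
    # below 2022.2.2, so compare only against the fix for the same branch.
    branch = v[:2] if product in BRANCHED else None
    fixed = FIXED.get((product, branch))
    if fixed is None:
        return "not-listed"  # product or branch does not appear in the table
    # Pad so that '11.1.1' and '11.1.1.0' compare as equal.
    width = max(len(v), len(fixed))
    pad = lambda t: t + (0,) * (width - len(t))
    return "affected" if pad(v) < pad(fixed) else "fixed"

# Constructed sample inventory (host names and installed versions are made up).
INVENTORY = [
    ("eng-ws-01", "JTTK", "11.1.0.4"),
    ("eng-ws-02", "JTTK", "V11.1.1.0"),
    ("eng-ws-03", "Simcenter Femap", "2022.1.3"),
    ("eng-ws-04", "Simcenter Femap", "2022.2.1"),
    ("eng-ws-05", "Simcenter Femap", "2021.2.0"),
]

def scan(inventory):
    """Triage every (host, product, version) row; keep the status alongside."""
    return [(h, p, v, triage(p, v)) for h, p, v in inventory]

if __name__ == "__main__":
    for host, product, version, status in scan(INVENTORY):
        print(f"{host:10} {product:16} {version:10} {status}")
```

A "not-listed" result means only that the table above has no row for that product or branch; it is not a statement that the install is unaffected.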
Remediation & Mitigation
Do now
WORKAROUND: Instruct users not to open JT files from untrusted or unexpected sources, especially via email or unsolicited downloads
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

Simcenter Femap V2022.1
HOTFIX: Update Simcenter Femap V2022.1 to version 2022.1.3 or later
Simcenter Femap V2022.2
HOTFIX: Update Simcenter Femap V2022.2 to version 2022.2.2 or later
All products
HOTFIX: Update JT Open Toolkit to version 11.1.1.0 or later
Long-term hardening
JTTK
HARDENING: Isolate engineering workstations running JTTK or Simcenter Femap on a protected network segment with restricted inbound access
All products
HARDENING: Implement file transfer controls and code-of-practice for sharing JT files within your organization to prevent supply chain compromise