OTPulse

Siemens Teamcenter Visualization and JT2Go

Plan PatchCVSS 7.8ICS-CERT ICSA-22-314-09Nov 8, 2022
Siemens
Attack path
Attack VectorLocal
Auth RequiredNone
ComplexityLow
User InteractionRequired
Summary

Siemens Teamcenter Visualization (V13.2, V13.3, V14.0, V14.1) and JT2Go contain multiple file parsing vulnerabilities in their TIF, CGM, and PDF file handlers. These vulnerabilities include buffer overflows (CWE-122, CWE-787, CWE-121), out-of-bounds reads (CWE-125), and use-after-free conditions (CWE-416). When a user opens a malicious file in one of these formats, the application may crash or allow arbitrary code execution with the privileges of the user running the application. No public exploits are known, and the vulnerabilities are not remotely exploitable on their own.

What this means
What could happen
An attacker could trick a user into opening a malicious file (TIF, CGM, or PDF) that causes the Teamcenter Visualization or JT2Go application to crash or execute arbitrary code on the engineering workstation, potentially compromising the design/planning environment and any connected systems.
Who's at risk
Engineering and design teams using Siemens Teamcenter Visualization or JT2Go for CAD/PLM workflows. This affects workstations where engineers, technicians, and planners view and edit industrial design files. Manufacturing, utilities, and process industries that use Siemens design tools are at risk if users receive malicious files via email or file sharing.
How it could be exploited
An attacker sends a malicious TIF, CGM, or PDF file to a user and tricks them into opening it with JT2Go or Teamcenter Visualization. The application parses the malicious file, triggering a buffer overflow or use-after-free vulnerability that allows the attacker to run code on the workstation with the user's privileges.
Prerequisites
  • User must open a malicious file attachment or download
  • File must be in TIF, CGM, or PDF format
  • Vulnerable version of JT2Go or Teamcenter Visualization must be installed
  • No special network access or credentials required
Low attack complexity (user must open file)No authentication requiredUser interaction required (user must open malicious file)Could lead to arbitrary code executionAffects engineering workstations that may have access to control systems or sensitive design data
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (6)
6 with fix
ProductAffected VersionsFix Status
JT2Go<V14.1.0.414.1.0.4
Teamcenter Visualization V13.2<V13.2.0.1213.2.0.12
Teamcenter Visualization V13.3<V13.3.0.713.3.0.7
Teamcenter Visualization V13.3≥ V13.3.0.7<V13.3.0.813.3.0.8
Teamcenter Visualization V14.0<V14.0.0.314.0.0.3
Teamcenter Visualization V14.1<V14.1.0.414.1.0.4
Remediation & Mitigation
0/8
Do now
0/1
JT2Go
WORKAROUNDDo not open untrusted CGM, TIF, or PDF files in JT2Go and Teamcenter Visualization
Schedule — requires maintenance window
0/5

Patching may require device reboot — plan for process interruption

JT2Go
HOTFIXUpdate JT2Go to version 14.1.0.4 or later
Teamcenter Visualization V13.2
HOTFIXUpdate Teamcenter Visualization V13.2 to version 13.2.0.12 or later
Teamcenter Visualization V13.3
HOTFIXUpdate Teamcenter Visualization V13.3 to version 13.3.0.8 or later
Teamcenter Visualization V14.0
HOTFIXUpdate Teamcenter Visualization V14.0 to version 14.0.0.3 or later
Teamcenter Visualization V14.1
HOTFIXUpdate Teamcenter Visualization V14.1 to version 14.1.0.4 or later
Long-term hardening
0/2
HARDENINGRestrict network access to devices running these applications with firewall rules and VPN requirements
HARDENINGConfigure the IT environment according to Siemens Operational Guidelines for Industrial Security
View full CISA ICS-CERT advisory
API: /api/v1/advisories/6b572b5f-e605-43c4-9f9d-f1295d27f722

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.

Siemens Teamcenter Visualization and JT2Go | CVSS 7.8 - OTPulse