Siemens Teamcenter Visualization and JT2Go

Plan Patch7.8ICS-CERT ICSA-22-314-09Nov 8, 2022

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

Siemens Teamcenter Visualization (V13.2, V13.3, V14.0, V14.1) and JT2Go contain multiple file parsing vulnerabilities in their TIF, CGM, and PDF file handlers. These vulnerabilities include buffer overflows (CWE-122, CWE-787, CWE-121), out-of-bounds reads (CWE-125), and use-after-free conditions (CWE-416). When a user opens a malicious file in one of these formats, the application may crash or allow arbitrary code execution with the privileges of the user running the application. No public exploits are known, and the vulnerabilities are not remotely exploitable on their own.

What this means

What could happen

An attacker could trick a user into opening a malicious file (TIF, CGM, or PDF) that causes the Teamcenter Visualization or JT2Go application to crash or execute arbitrary code on the engineering workstation, potentially compromising the design/planning environment and any connected systems.

Who's at risk

Engineering and design teams using Siemens Teamcenter Visualization or JT2Go for CAD/PLM workflows. This affects workstations where engineers, technicians, and planners view and edit industrial design files. Manufacturing, utilities, and process industries that use Siemens design tools are at risk if users receive malicious files via email or file sharing.

How it could be exploited

An attacker sends a malicious TIF, CGM, or PDF file to a user and tricks them into opening it with JT2Go or Teamcenter Visualization. The application parses the malicious file, triggering a buffer overflow or use-after-free vulnerability that allows the attacker to run code on the workstation with the user's privileges.

Prerequisites

User must open a malicious file attachment or download
File must be in TIF, CGM, or PDF format
Vulnerable version of JT2Go or Teamcenter Visualization must be installed
No special network access or credentials required

Low attack complexity (user must open file)No authentication requiredUser interaction required (user must open malicious file)Could lead to arbitrary code executionAffects engineering workstations that may have access to control systems or sensitive design data

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (6)

6 with fix

ProductAffected VersionsFix Status

JT2Go<V14.1.0.414.1.0.4

Teamcenter Visualization V13.2<V13.2.0.1213.2.0.12

Teamcenter Visualization V13.3<V13.3.0.713.3.0.7

Teamcenter Visualization V13.3≥ V13.3.0.7<V13.3.0.813.3.0.8

Teamcenter Visualization V14.0<V14.0.0.314.0.0.3

Teamcenter Visualization V14.1<V14.1.0.414.1.0.4

Remediation & Mitigation

0/8

Do now

0/1

JT2Go

WORKAROUNDDo not open untrusted CGM, TIF, or PDF files in JT2Go and Teamcenter Visualization

Schedule — requires maintenance window

0/5

Patching may require device reboot — plan for process interruption

JT2Go

HOTFIXUpdate JT2Go to version 14.1.0.4 or later

Teamcenter Visualization V13.2

HOTFIXUpdate Teamcenter Visualization V13.2 to version 13.2.0.12 or later

Teamcenter Visualization V13.3

HOTFIXUpdate Teamcenter Visualization V13.3 to version 13.3.0.8 or later

Teamcenter Visualization V14.0

HOTFIXUpdate Teamcenter Visualization V14.0 to version 14.0.0.3 or later

Teamcenter Visualization V14.1

HOTFIXUpdate Teamcenter Visualization V14.1 to version 14.1.0.4 or later

Long-term hardening

0/2

HARDENINGRestrict network access to devices running these applications with firewall rules and VPN requirements

HARDENINGConfigure the IT environment according to Siemens Operational Guidelines for Industrial Security

CVEs (6)

CVE-2022-39136 CVE-2022-41660 CVE-2022-41661 CVE-2022-41662 CVE-2022-41663 CVE-2022-41664

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/6b572b5f-e605-43c4-9f9d-f1295d27f722