Siemens Teamcenter Visualization and JT2Go

Plan PatchCVSS 7.8ICS-CERT ICSA-22-349-15Dec 13, 2022

Siemens

Attack path

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

Multiple out-of-bounds write vulnerabilities exist in the APDFL library used by Siemens Teamcenter Visualization (versions V13.3 before 13.3.0.8, V14.0 before 14.0.0.4, and V14.1 before 14.1.0.5) and JT2Go (before 14.1.0.5). If a user opens a malicious PDF file with these products, the vulnerable code in the embedded PDF parsing library can write out of bounds in process memory, potentially causing application crash or arbitrary code execution. The vulnerability requires user interaction—an attacker must trick a user into opening a specifically crafted PDF file.

What this means

What could happen

An attacker could trick a user into opening a malicious PDF file in Teamcenter Visualization or JT2Go, causing the application to crash or potentially running arbitrary code with the user's privileges on the engineering workstation.

Who's at risk

Engineering and design teams using Siemens Teamcenter Visualization or JT2Go for viewing and managing 3D models and technical drawings. This includes design engineers, plant engineers, and technicians who routinely open PDF documents or CAD files as part of their workflow.

How it could be exploited

An attacker crafts a malicious PDF file containing out-of-bounds write payloads targeting the embedded APDFL library. The attacker tricks or socially engineers a user (engineer, designer, or operator) into opening the PDF with JT2Go or Teamcenter Visualization. The vulnerable PDF parsing code executes, writing out of bounds in memory and either crashing the application or executing arbitrary code.

Prerequisites

User must open a malicious PDF file using JT2Go or Teamcenter Visualization
Attack delivered via email, file sharing, or social engineering
No network access required, local user interaction required

Requires user interaction (PDF must be opened)Low complexity exploitationAffects engineering workstations which may have access to OT networksCould lead to code execution on trusted engineering systems

Exploitability

Unlikely to be exploited — EPSS score 0.2%

Affected products (4)

4 with fix

ProductAffected VersionsFix Status

JT2Go<V14.1.0.514.1.0.5

Teamcenter Visualization V13.3<V13.3.0.813.3.0.8

Teamcenter Visualization V14.0<V14.0.0.414.0.0.4

Teamcenter Visualization V14.1<V14.1.0.514.1.0.5

Remediation & Mitigation

0/7

Do now

0/2

JT2Go

WORKAROUNDDo not open untrusted or unexpected PDF files in JT2Go and Teamcenter Visualization

All products

HARDENINGTrain users not to open PDF files from unknown or untrusted sources

Schedule — requires maintenance window

0/4

Patching may require device reboot — plan for process interruption

JT2Go

HOTFIXUpdate JT2Go to version 14.1.0.5 or later

Teamcenter Visualization V13.3

HOTFIXUpdate Teamcenter Visualization V13.3 to version 13.3.0.8 or later

Teamcenter Visualization V14.0

HOTFIXUpdate Teamcenter Visualization V14.0 to version 14.0.0.4 or later

Teamcenter Visualization V14.1

HOTFIXUpdate Teamcenter Visualization V14.1 to version 14.1.0.5 or later

Long-term hardening

0/1

HARDENINGSegment engineering workstations from the production network

CVEs (3)

CVE-2022-3159 CVE-2022-3160 CVE-2022-3161

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/6f6b62e6-a238-497b-896d-80384377627b

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.