Siemens Teamcenter Visualization and JT2Go

Plan PatchCVSS 7.8ICS-CERT ICSA-22-349-20Dec 13, 2022

Siemens

Attack path

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

Siemens Teamcenter Visualization and JT2Go are vulnerable to multiple file parsing flaws in CGM and RAS file handling. When a user opens a crafted malicious file in either format, the vulnerable parser fails to properly validate the file structure. This can trigger a null pointer dereference, out-of-bounds read, heap or stack buffer overflow, use-after-free, integer division by zero, or integer overflow (CWE-476, CWE-125, CWE-787, CWE-416, CWE-369, CWE-770). The result is application crash or arbitrary code execution with the privileges of the user running the application.

What this means

What could happen

An attacker could craft a malicious CGM or RAS file that, when opened in Teamcenter Visualization or JT2Go, crashes the application or allows arbitrary code execution on the engineering workstation. This could disrupt design and manufacturing workflows or compromise the integrity of CAD/product data.

Who's at risk

Engineering and design teams using Siemens Teamcenter Visualization or JT2Go for CAD model viewing and design work. Affects manufacturing, automotive, aerospace, and other industries that rely on digital product design and simulation.

How it could be exploited

An attacker tricks a designer or engineer into opening a malicious CGM or RAS file (likely via email or file sharing). When the file is opened in the vulnerable application, the parser fails to properly validate the file structure, causing a crash or memory corruption that leads to code execution on the workstation with the user's privileges.

Prerequisites

User interaction required: victim must open a malicious CGM or RAS file
File access: attacker must deliver the malicious file to the victim (email, shared drive, etc.)
Target must have vulnerable version of Teamcenter Visualization or JT2Go installed

user interaction requiredlow complexity attackaffects engineering workstationsno authentication required to exploit if file is opened

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (7)

7 with fix

ProductAffected VersionsFix Status

JT2Go<V14.1.0.614.1.0.6

Teamcenter Visualization V13.2<V13.2.0.1213.2.0.12

Teamcenter Visualization V13.3<V13.3.0.813.3.0.8

Teamcenter Visualization V13.3<V13.3.0.913.3.0.9

Teamcenter Visualization V14.0<V14.0.0.414.0.0.4

Teamcenter Visualization V14.0<V14.0.0.514.0.0.5

Teamcenter Visualization V14.1<V14.1.0.614.1.0.6

Remediation & Mitigation

0/7

Do now

0/1

JT2Go

WORKAROUNDInstruct users not to open untrusted CGM or RAS files in JT2Go and Teamcenter Visualization

Schedule — requires maintenance window

0/5

Patching may require device reboot — plan for process interruption

JT2Go

HOTFIXUpdate JT2Go to version 14.1.0.6 or later

Teamcenter Visualization V13.2

HOTFIXUpdate Teamcenter Visualization V13.2 to version 13.2.0.12 or later

Teamcenter Visualization V13.3

HOTFIXUpdate Teamcenter Visualization V13.3 to version 13.3.0.8 or later

Teamcenter Visualization V14.0

HOTFIXUpdate Teamcenter Visualization V14.0 to version 14.0.0.4 or later

Teamcenter Visualization V14.1

HOTFIXUpdate Teamcenter Visualization V14.1 to version 14.1.0.6 or later

Long-term hardening

0/1

HARDENINGImplement email filtering and user training to reduce social engineering attacks that deliver malicious files

CVEs (12)

CVE-2022-41279 CVE-2022-41280 CVE-2022-41283 CVE-2022-41278 CVE-2022-41281 CVE-2022-41282 CVE-2022-41284 CVE-2022-41285 CVE-2022-41286 CVE-2022-41287 CVE-2022-41288 CVE-2022-45484

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/a0bc7b11-5ade-4074-8db5-7d88da573b06

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.