Siemens JT Open, JT Utilities, and Parasolid
Plan Patch · 7.8 · ICS-CERT ICSA-23-047-12 · Feb 14, 2023
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
JT Open Toolkit, JT Utilities, and Parasolid contain memory corruption vulnerabilities (CWE-121, CWE-119, CWE-125) triggered while parsing JT files. If a user opens a malicious JT file with any affected product, the application may crash or arbitrary code execution may occur. The vulnerabilities affect JT Open (all versions before 11.2.3.0), JT Utilities (all versions before 13.2.3.0), and multiple versions of Parasolid (V34.0, V34.1, V35.0, V35.1). These are not remotely exploitable and require user interaction to open a crafted file.
What this means
What could happen
An attacker could craft a malicious JT file that, when opened by an engineer or technician, crashes the application or executes arbitrary commands with the privileges of the person who opened the file. This could affect design/engineering workflows or embedded systems that parse JT files for process control.
Who's at risk
Design and manufacturing teams who use Siemens JT Open Toolkit, JT Utilities, or Parasolid for 3D CAD/design work. This includes engineering workstations, PLM (product lifecycle management) systems, and embedded systems that parse JT files as part of engineering or process design workflows. Siemens automation engineering environments are most at risk.
How it could be exploited
An attacker creates a malicious JT file with crafted memory corruption payloads and tricks an engineer or technician into opening it using JT Open, JT Utilities, or Parasolid. The file parser fails to validate input properly, causing a buffer overflow or memory access violation. On systems with address space layout randomization (ASLR) disabled or in predictable environments, this could allow code execution in the context of the application user.
Prerequisites
- User interaction required: engineer or technician must open the malicious JT file
- Access to send files to the target user (email, USB, network share)
- Application must be one of the affected versions of JT Open, JT Utilities, or Parasolid
- User interaction required (social engineering dependency)
- Local exploitation only (not remotely exploitable)
- Low attack complexity
- Could lead to code execution or denial of service
- Affects engineering/design tools used across manufacturing and utility sectors
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (7)
7 with fix
| Product | Affected Versions | Fix Status |
|---|---|---|
| JT Open | <V11.2.3.0 | 11.2.3.0 |
| JT Utilities | <V13.2.3.0 | 13.2.3.0 |
| Parasolid V34.0 | <V34.0.252 | 34.0.252 |
| Parasolid V34.0 | <V34.0.254 | 34.0.254 |
| Parasolid V34.1 | <V34.1.242 | 34.1.242 |
| Parasolid V35.0 | <V35.0.170 | 35.0.170 |
| Parasolid V35.1 | <V35.1.150 | 35.1.150 |
Remediation & Mitigation
Do now
WORKAROUND: Do not open untrusted or unexpected JT files from external sources
HARDENING: Educate engineers and technicians on social engineering attacks and file-based attacks; warn against opening unsolicited files or clicking links in unexpected emails
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
JT Open
HOTFIX: Update JT Open to version 11.2.3.0 or later
JT Utilities
HOTFIX: Update JT Utilities to version 13.2.3.0 or later
Parasolid V34.0
HOTFIX: Update Parasolid V34.0 to version 34.0.254 or later
Parasolid V34.1
HOTFIX: Update Parasolid V34.1 to version 34.1.242 or later
Parasolid V35.0
HOTFIX: Update Parasolid V35.0 to version 35.0.170 or later
Parasolid V35.1
HOTFIX: Update Parasolid V35.1 to version 35.1.150 or later
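An inventory check built from the fixed versions listed above, as an added example (not Siemens or ICS-CERT code). The hostnames and installed versions in the sample inventory are constructed, and the function names are hypothetical; for Parasolid V34.0 the script assumes the remediation value 34.0.254.

```python
import re

# Minimum fixed versions from the advisory's remediation list. Parasolid is keyed
# by release line (major, minor) because each line has its own fixed build.
# Assumption: for V34.0 the remediation value 34.0.254 is used (the table also shows 34.0.252).
FIXED = {
    "JT Open": {None: (11, 2, 3, 0)},
    "JT Utilities": {None: (13, 2, 3, 0)},
    "Parasolid": {(34, 0): (34, 0, 254), (34, 1): (34, 1, 242),
                  (35, 0): (35, 0, 170), (35, 1): (35, 1, 150)},
}

def parse_version(text):
    """Turn 'V34.0.250' or '11.2.3.0' into a tuple of ints; reject anything else."""
    m = re.fullmatch(r"[Vv]?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))

def pad(version, width):
    """Right-pad with zeros so 11.2.3 compares equal to 11.2.3.0."""
    return version + (0,) * (width - len(version))

def assess(product, version_text):
    """Return 'vulnerable', 'fixed' or 'not-listed' for one installed product."""
    lines = FIXED.get(product)
    if lines is None:
        return "not-listed"
    ver = parse_version(version_text)
    fixed = lines.get(None if None in lines else ver[:2])
    if fixed is None:
        return "not-listed"  # release line the advisory does not cover
    width = max(len(ver), len(fixed))
    return "vulnerable" if pad(ver, width) < pad(fixed, width) else "fixed"

# Constructed sample inventory: hostnames and installed versions are made up.
INVENTORY = [
    ("eng-ws-01", "JT Open", "11.2.2.0"),
    ("eng-ws-02", "JT Utilities", "V13.2.3.0"),
    ("plm-srv-01", "Parasolid", "V34.0.253"),
    ("plm-srv-02", "Parasolid", "35.1.150"),
    ("cad-ws-07", "Parasolid", "33.1.100"),
]

def audit(inventory):
    """Assess every (host, product, version) row and return rows with a status."""
    return [(h, p, v, assess(p, v)) for h, p, v in inventory]

if __name__ == "__main__":
    for row in audit(INVENTORY):
        print(*row, sep="\t")
```

A "not-listed" result means the advisory does not name that product or release line, not that the installation is unaffected.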