Siemens JT Open, JT Utilities, and Parasolid

Plan PatchCVSS 7.8ICS-CERT ICSA-23-047-12Feb 14, 2023

Siemens

Attack path

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

JT Open Toolkit, JT Utilities, and Parasolid contain memory corruption vulnerabilities (CWE-121, CWE-119, CWE-125) triggered while parsing JT files. If a user opens a malicious JT file with any affected product, the application may crash or arbitrary code execution may occur. The vulnerabilities affect JT Open (all versions before 11.2.3.0), JT Utilities (all versions before 13.2.3.0), and multiple versions of Parasolid (V34.0, V34.1, V35.0, V35.1). These are not remotely exploitable and require user interaction to open a crafted file.

What this means

What could happen

An attacker could craft a malicious JT file that, when opened by an engineer or technician, crashes the application or executes arbitrary commands with the privileges of the person who opened the file. This could affect design/engineering workflows or embedded systems that parse JT files for process control.

Who's at risk

Design and manufacturing teams who use Siemens JT Open Toolkit, JT Utilities, or Parasolid for 3D CAD/design work. This includes engineering workstations, PLM (product lifecycle management) systems, and embedded systems that parse JT files as part of engineering or process design workflows. Siemens automation engineering environments are most at risk.

How it could be exploited

An attacker creates a malicious JT file with crafted memory corruption payloads and tricks an engineer or technician into opening it using JT Open, JT Utilities, or Parasolid. The file parser fails to validate input properly, causing a buffer overflow or memory access violation. On systems with address space layout randomization (ASLR) disabled or in predictable environments, this could allow code execution in the context of the application user.

Prerequisites

User interaction required: engineer or technician must open the malicious JT file
Access to send files to the target user (email, USB, network share)
Application must be one of the affected versions of JT Open, JT Utilities, or Parasolid

User interaction required (social engineering dependency)Local exploitation only (not remotely exploitable)Low attack complexityCould lead to code execution or denial of serviceAffects engineering/design tools used across manufacturing and utility sectors

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (7)

7 with fix

ProductAffected VersionsFix Status

JT Open<V11.2.3.011.2.3.0

JT Utilities<V13.2.3.013.2.3.0

Parasolid V34.0<V34.0.25234.0.252

Parasolid V34.0<V34.0.25434.0.254

Parasolid V34.1<V34.1.24234.1.242

Parasolid V35.0<V35.0.17035.0.170

Parasolid V35.1<V35.1.15035.1.150

Remediation & Mitigation

0/8

Do now

0/2

WORKAROUNDDo not open untrusted or unexpected JT files from external sources

HARDENINGEducate engineers and technicians on social engineering attacks and file-based attacks; warn against opening unsolicited files or clicking links in unexpected emails

Schedule — requires maintenance window

0/6

Patching may require device reboot — plan for process interruption

JT Open

HOTFIXUpdate JT Open to version 11.2.3.0 or later

JT Utilities

HOTFIXUpdate JT Utilities to version 13.2.3.0 or later

Parasolid V34.0

HOTFIXUpdate Parasolid V34.0 to version 34.0.254 or later

Parasolid V34.1

HOTFIXUpdate Parasolid V34.1 to version 34.1.242 or later

Parasolid V35.0

HOTFIXUpdate Parasolid V35.0 to version 35.0.170 or later

Parasolid V35.1

HOTFIXUpdate Parasolid V35.1 to version 35.1.150 or later

CVEs (3)

CVE-2022-47936 CVE-2022-47977 CVE-2023-25140

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/f8afed9c-6391-43d7-8ac3-165f49518d29

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.