OTPulse

Siemens JT Open and JT Utilities

Plan Patch | CVSS 7.8 | ICS-CERT ICSA-23-103-02 | Apr 11, 2023
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

JT Open Toolkit and JT Utilities are affected by a memory corruption vulnerability triggered while parsing JT files. If a user opens a malicious JT file, the application could crash or arbitrary code could execute with the user's privileges. Siemens has released updates to fix this issue.

What this means
What could happen
An attacker could craft a malicious JT file that, when opened by an engineering workstation user, crashes the application or executes arbitrary commands with the privileges of the user opening the file. This could compromise engineering workstations used to configure or monitor your SCADA systems.
Who's at risk
Engineering and operations staff at water utilities and electric utilities who use Siemens JT Open Toolkit or JT Utilities for CAD file viewing, design review, or SCADA/PLC programming on their workstations. Particularly relevant for asset management, plant design, and control system engineering teams.
How it could be exploited
An attacker sends a crafted JT file (via email, file share, or other means) to a user who works with JT Open or JT Utilities. When the user opens the malicious file, the memory corruption vulnerability in the JT parser triggers, causing code execution on the engineering workstation. From there, the attacker could access engineering tools, steal configuration files, or pivot to SCADA systems on the network.
Prerequisites
  • User interaction: a staff member must be tricked into opening a malicious JT file
  • Victim must have JT Open (version before 11.3.2.0) or JT Utilities (version before 13.3.0.0) installed on their workstation
  • No authentication required; vulnerability is triggered during file parsing
  • Requires user interaction (social engineering vector)
  • Memory corruption vulnerability can lead to arbitrary code execution
  • Affects engineering workstations that may have access to SCADA or PLC configuration systems
  • No authentication required
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (2)
2 with fix
Product        Affected Versions   Fix Status
JT Open        <V11.3.2.0          11.3.2.0
JT Utilities   <V13.3.0.0          13.3.0.0
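
The version thresholds above, applied to an asset inventory export to find workstations that still need the update. This is an added example, not code from OTPulse or Siemens; the CSV column names, host names and sample versions are constructed assumptions.

```python
import csv
import io

# Fixed versions taken from the advisory's affected-products table.
FIXED = {
    "jt open": (11, 3, 2, 0),
    "jt utilities": (13, 3, 0, 0),
}

def parse_version(text):
    """Turn 'V11.3.2.0' or '11.3.2' into a 4-part integer tuple."""
    parts = text.strip().lstrip("vV").split(".")
    nums = [int(p) for p in parts]      # ValueError on non-numeric parts
    nums += [0] * (4 - len(nums))       # pad short versions with zeros
    return tuple(nums[:4])

def triage(inventory_csv):
    """Return (host, product, version, status) for products in the advisory."""
    results = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        product = row["product"].strip()
        fixed = FIXED.get(product.lower())
        if fixed is None:
            continue  # product not covered by this advisory
        try:
            # Compare numerically: as strings, "11.10" would sort below "11.3".
            older = parse_version(row["version"]) < fixed
            status = "VULNERABLE" if older else "fixed"
        except ValueError:
            status = "UNKNOWN"  # unparseable version: verify by hand
        results.append((row["host"], product, row["version"], status))
    return results

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = """host,product,version
eng-ws-01,JT Open,V11.3.1.0
eng-ws-02,JT Open,11.10.0.0
eng-ws-03,JT Utilities,13.2.4
eng-ws-04,JT Utilities,V13.3.0.0
eng-ws-05,JT Utilities,unknown
eng-ws-06,Other Viewer,1.0
"""

if __name__ == "__main__":
    for host, product, version, status in triage(SAMPLE):
        print(f"{host:10} {product:13} {version:10} {status}")
```

Rows marked UNKNOWN should be treated as unpatched until the installed version is confirmed.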
Remediation & Mitigation
Do now
WORKAROUND: Do not open JT files from untrusted sources or unsolicited emails
HARDENING: Educate users on recognizing and avoiding email-based social engineering and phishing attacks
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

JT Open
HOTFIX: Update JT Open to version 11.3.2.0 or later
JT Utilities
HOTFIX: Update JT Utilities to version 13.3.0.0 or later
Long-term hardening
HARDENING: Isolate engineering workstations from the business network and the Internet using firewalls and network segmentation
Siemens JT Open and JT Utilities | CVSS 7.8 - OTPulse