OTPulse

Siemens Teamcenter Visualization and JT2Go

Plan PatchCVSS 7.8ICS-CERT ICSA-23-166-14Jun 13, 2023
Siemens
Attack path
Attack VectorLocal
Auth RequiredNone
ComplexityLow
User InteractionRequired
Summary

Siemens Teamcenter Visualization and JT2Go are affected by multiple file parsing vulnerabilities in the handling of CGM (Computer Graphics Metafile) format files. These vulnerabilities include null pointer dereference (CWE-476), out-of-bounds read (CWE-125), and buffer overflow (CWE-119). When a user opens a malicious CGM file with an affected product, the application may crash or potentially execute arbitrary code on the user's workstation. The vulnerabilities are triggered during file parsing and require user interaction—a user must be tricked into opening a malicious CGM file.

What this means
What could happen
An attacker could craft a malicious CGM file that, when opened by an engineer in Teamcenter Visualization or JT2Go, crashes the application or runs arbitrary code on the engineering workstation. This could compromise the workstation used to design, visualize, or plan industrial processes.
Who's at risk
Organizations using Teamcenter Visualization (versions 13.2 through 14.2) or JT2Go (versions prior to 14.1.0.4) for CAD/CAM visualization and product data management should care about this issue. Engineering teams, design departments, and anyone who reviews or opens CGM files in these applications are at risk. The issue is most relevant to manufacturing, industrial design, and process engineering departments that use Siemens PLM software.
How it could be exploited
An attacker creates a malicious CGM file and tricks an engineer into opening it using Teamcenter Visualization or JT2Go (via email, file sharing, or supply chain compromise). The application parses the malformed CGM file, triggering a null pointer dereference, buffer overflow, or out-of-bounds read. The application crashes or, in the worst case, executes attacker code on the engineering workstation with the user's privileges.
Prerequisites
  • User must open a malicious CGM file in Teamcenter Visualization or JT2Go
  • User interaction required—attacker must trick the engineer to open the file
  • No special credentials or network access required
User interaction requiredLow complexity exploitAffects engineering workstationsCan lead to arbitrary code executionSocial engineering vector (malicious file distribution)
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (6)
6 with fix
ProductAffected VersionsFix Status
Teamcenter Visualization V13.2<V13.2.0.1313.2.0.13
Teamcenter Visualization V13.3<V13.3.0.1013.3.0.10
Teamcenter Visualization V14.0<V14.0.0.614.0.0.6
Teamcenter Visualization V14.1<V14.1.0.814.1.0.8
Teamcenter Visualization V14.2<V14.2.0.314.2.0.3
JT2Go<V14.2.0.314.1.0.4
Remediation & Mitigation
0/8
Do now
0/2
JT2Go
WORKAROUNDDo not open untrusted or unsolicited CGM files in Teamcenter Visualization or JT2Go
All products
HARDENINGEducate engineering staff to avoid opening CGM files from untrusted sources and to be wary of unsolicited emails with file attachments
Schedule — requires maintenance window
0/6

Patching may require device reboot — plan for process interruption

Teamcenter Visualization V13.2
HOTFIXUpdate Teamcenter Visualization V13.2 to version 13.2.0.13 or later
Teamcenter Visualization V13.3
HOTFIXUpdate Teamcenter Visualization V13.3 to version 13.3.0.10 or later
Teamcenter Visualization V14.0
HOTFIXUpdate Teamcenter Visualization V14.0 to version 14.0.0.6 or later
Teamcenter Visualization V14.1
HOTFIXUpdate Teamcenter Visualization V14.1 to version 14.1.0.8 or later
Teamcenter Visualization V14.2
HOTFIXUpdate Teamcenter Visualization V14.2 to version 14.2.0.3 or later
JT2Go
HOTFIXUpdate JT2Go to version 14.1.0.4 or later
View full CISA ICS-CERT advisory
API: /api/v1/advisories/50387a68-1b45-43ec-aa51-535b1f1aef9b

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.