Siemens Teamcenter Visualization and JT2Go
Siemens Teamcenter Visualization and JT2Go contain multiple file parsing vulnerabilities (CWE-125 out-of-bounds read, CWE-476 null pointer dereference, CWE-121 stack-based buffer overflow) triggered when reading malicious CGM files. If a user opens a malicious CGM file, the application may crash or allow arbitrary code execution. The following products are affected: JT2Go (<V14.3.0.6), Teamcenter Visualization V13.3 (<V13.3.0.13), Teamcenter Visualization V14.1 (<V14.1.0.12), Teamcenter Visualization V14.2 (<V14.2.0.9), and Teamcenter Visualization V14.3 (<V14.3.0.6). These vulnerabilities are not remotely exploitable; user interaction is required.
- User interaction required: victim must open a malicious CGM file
- Local access to the workstation running JT2Go or Teamcenter Visualization
- Attacker must successfully socially engineer the user to open an untrusted file
Patching may require device reboot — plan for process interruption
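The following is an added example, not part of the advisory or of any Siemens tooling: a Python triage of a software inventory against the fixed versions listed above. The host names and inventory rows are constructed sample data, and release lines the advisory does not list are reported as `not-listed` rather than guessed.

```python
import re

# Fixed versions as listed in the advisory text; anything lower is affected.
# JT2Go has a single threshold; Teamcenter Visualization has one per release line.
FIXED = {
    ("JT2Go", None): (14, 3, 0, 6),
    ("Teamcenter Visualization", (13, 3)): (13, 3, 0, 13),
    ("Teamcenter Visualization", (14, 1)): (14, 1, 0, 12),
    ("Teamcenter Visualization", (14, 2)): (14, 2, 0, 9),
    ("Teamcenter Visualization", (14, 3)): (14, 3, 0, 6),
}

def parse_version(text):
    """Turn 'V14.2.0.8' or '14.2.0.8' into (14, 2, 0, 8)."""
    m = re.fullmatch(r"[Vv]?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))

def triage(product, version):
    """Return 'affected', 'fixed' or 'not-listed' for one installation."""
    v = parse_version(version)
    if product == "JT2Go":
        fixed = FIXED[("JT2Go", None)]
    else:
        # Pick the threshold for this release line (major.minor), if listed.
        fixed = FIXED.get((product, v[:2]))
    if fixed is None:
        return "not-listed"
    # Pad short versions so '14.3' compares as 14.3.0.0.
    v = v + (0,) * (len(fixed) - len(v))
    return "affected" if v < fixed else "fixed"

# Constructed sample inventory: (host, product, installed version).
INVENTORY = [
    ("ws-eng-01", "JT2Go", "V14.2.0.3"),
    ("ws-eng-02", "Teamcenter Visualization", "14.1.0.12"),
    ("ws-eng-03", "Teamcenter Visualization", "V13.3.0.9"),
    ("ws-eng-04", "Teamcenter Visualization", "V13.2.0.14"),
]

def report(inventory):
    """Attach a triage status to every inventory row."""
    return [(h, p, ver, triage(p, ver)) for h, p, ver in inventory]

if __name__ == "__main__":
    for host, product, version, status in report(INVENTORY):
        print(f"{host:10} {product:26} {version:12} {status}")
```

Rows that come back `not-listed` need a manual check against the vendor advisory, since the text above only states thresholds for the listed release lines.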