Siemens Teamcenter Visualization and JT2Go
Plan Patch7.8ICS-CERT ICSA-24-137-03May 14, 2024
Attack VectorLocal
Auth RequiredNone
ComplexityLow
User InteractionRequired
Summary
Teamcenter Visualization (V14.1, V14.2, V14.3, V2312) and JT2Go contain buffer overflow vulnerabilities (CWE-121, CWE-787) in their file parsers. When a user opens a malicious CGM (Computer Graphics Metafile) or XML file, the affected applications fail to properly validate or handle the file structure, leading to memory corruption. This could result in application crash (denial of service) or arbitrary code execution in the context of the application user. The vulnerability requires user interaction—a user must be tricked into opening the malicious file. No remote exploitation is possible.
What this means
What could happen
An attacker could trick a user into opening a malicious CGM or XML file in Teamcenter Visualization or JT2Go, potentially executing arbitrary code on the user's workstation or crashing the application and disrupting design/visualization workflows.
Who's at risk
Engineering and design teams using Siemens Teamcenter Visualization (versions 14.1, 14.2, 14.3, and 2312) or JT2Go for CAD/design file visualization. This affects workstations in product development environments, manufacturing engineering departments, and any organization that uses JT file format viewers for design collaboration.
How it could be exploited
An attacker sends a crafted CGM or XML file to a user and tricks them into opening it with Teamcenter Visualization or JT2Go. The vulnerable file parser mishandles memory during file parsing, triggering a buffer overflow or similar memory corruption that could allow code execution in the context of the application.
Prerequisites
- User must open a malicious CGM or XML file attachment
- Must have Teamcenter Visualization or JT2Go installed and executable on the user's workstation
- No elevated privileges required
User interaction required (social engineering via file attachment)Low complexity attackMemory corruption vulnerability (buffer overflow)Affects workstation/engineering tools (not direct ICS control, but part of engineering chain)
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (5)
5 with fix
ProductAffected VersionsFix Status
JT2Go<V2312.00012312.0001
Teamcenter Visualization V14.1<V14.1.0.1314.1.0.13
Teamcenter Visualization V14.2<V14.2.0.1014.2.0.10
Teamcenter Visualization V14.3<V14.3.0.714.3.0.7
Teamcenter Visualization V2312<V2312.00012312.0001
Remediation & Mitigation
0/7
Do now
0/2HARDENINGTrain users not to open untrusted XML or CGM files from unsolicited email or external sources
WORKAROUNDDisable opening of CGM and XML files in these applications if not required for operations
Schedule — requires maintenance window
0/5Patching may require device reboot — plan for process interruption
JT2Go
HOTFIXUpdate JT2Go to V2312.0001 or later
Teamcenter Visualization V14.1
HOTFIXUpdate Teamcenter Visualization V14.1 to V14.1.0.13 or later
Teamcenter Visualization V14.2
HOTFIXUpdate Teamcenter Visualization V14.2 to V14.2.0.10 or later
Teamcenter Visualization V14.3
HOTFIXUpdate Teamcenter Visualization V14.3 to V14.3.0.7 or later
Teamcenter Visualization V2312
HOTFIXUpdate Teamcenter Visualization V2312 to V2312.0001 or later
CVEs (2)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/414803e3-6525-4c09-ac1c-a5fdfa00bbf6