Siemens Teamcenter Visualization and JT2Go

Plan Patch7.8ICS-CERT ICSA-24-165-08Jun 11, 2024

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

Teamcenter Visualization and JT2Go are vulnerable to out-of-bounds read, stack exhaustion, and null pointer dereference vulnerabilities when processing X_T format files. If a user opens a crafted malicious X_T file, an attacker could execute arbitrary code in the context of the application. Siemens has released patched versions for most affected products; however, Teamcenter Visualization V14.2 has no fix planned.

What this means

What could happen

An attacker who tricks an operator into opening a malicious X_T format file in Teamcenter Visualization or JT2Go could execute arbitrary code on the workstation, potentially gaining access to engineering data, credentials, or ability to modify designs before they are sent to manufacturing.

Who's at risk

Organizations using Siemens Teamcenter Visualization (versions 14.2, 14.3, or 2312) or JT2Go for engineering design, collaboration, or file viewing. This primarily affects design departments, manufacturing engineering teams, and any staff who open JT/X_T format files from external parties or untrusted sources.

How it could be exploited

An attacker crafts a malicious X_T file (JT format) and socially engineers an operator to open it in Teamcenter Visualization or JT2Go (via email, USB, or file share). When the file is opened, the application reads the file and triggers an out-of-bounds read, stack exhaustion, or null pointer dereference, allowing code execution in the context of the operator's workstation.

Prerequisites

User interaction required: operator must be tricked into opening a malicious X_T file
X_T file format support must be enabled in the application (default)
Attacker must have ability to deliver file to target (email, web, removable media)

User interaction required (social engineering)Local execution only (not remotely exploitable)Low exploit complexityLow EPSS score (0.2%)Teamcenter Visualization V14.2 has no fix available

Exploitability

Low exploit probability (EPSS 0.2%)

Affected products (4)

4 with fix

ProductAffected VersionsFix Status

JT2Go<V2312.00042312.0004

Teamcenter Visualization V14.2<V14.2.0.1214.2.0.12

Teamcenter Visualization V14.3<V14.3.0.914.3.0.9

Teamcenter Visualization V2312<V2312.00042312.0004

Remediation & Mitigation

0/7

Do now

0/2

JT2Go

WORKAROUNDDo not open untrusted X_T files in Teamcenter Visualization or JT2Go until patched

All products

HARDENINGEducate engineering staff to avoid opening X_T files from untrusted sources and recognize social engineering attempts

Schedule — requires maintenance window

0/4

Patching may require device reboot — plan for process interruption

JT2Go

HOTFIXUpdate JT2Go to version 2312.0004 or later

Teamcenter Visualization V14.3

HOTFIXUpdate Teamcenter Visualization V14.3 to version 14.3.0.9 or later

Teamcenter Visualization V2312

HOTFIXUpdate Teamcenter Visualization V2312 to version 2312.0004 or later

All products

HARDENINGImplement email gateway controls to block or warn on X_T file attachments from external sources

Long-term hardening

0/1

HARDENINGSegment engineering workstations running these tools from the production network and internet

CVEs (3)

CVE-2024-26275 CVE-2024-26276 CVE-2024-26277

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/2626631e-0810-444b-a767-51d305fe54cc