OTPulse

Siemens JT Open and PLM XML SDK

Plan Patch · CVSS 7.8 · ICS-CERT ICSA-24-193-10 · Jul 9, 2024
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

JT Open Toolkit and PLM XML SDK contain stack buffer overflow (CWE-476) and null pointer dereference (CWE-121) vulnerabilities triggered when parsing malicious XML files. An attacker could craft a malicious XML file that, when opened by a user in the affected application, causes a crash or potentially executes arbitrary code on the local system.

What this means
What could happen
If an operator opens a malicious XML file in JT Open or PLM XML SDK, the application could crash or an attacker could run arbitrary code on the engineering workstation, potentially allowing them to modify CAD/PLM data or spread to connected systems.
Who's at risk
Engineering and CAD teams using Siemens JT Open Toolkit or PLM XML SDK for product lifecycle management and design work. This affects design/engineering workstations in manufacturing, automotive, aerospace, and other industries that use Siemens PLM tools for CAD data management.
How it could be exploited
An attacker sends or tricks an operator into opening a malicious XML file using social engineering (email, file sharing). When the file is opened in JT Open or PLM XML SDK, the parser encounters a crafted structure that triggers a buffer overflow or null pointer dereference, crashing the application or executing attacker code with the privileges of the logged-in user.
Prerequisites
  • User must manually open a malicious XML file in JT Open or PLM XML SDK
  • File must be delivered via social engineering (email, USB, shared drive)
  • Affected product version must be less than JT Open V11.5 or PLM XML SDK V7.1.0.014
requires user interaction (file open) · local exploitation only (not remotely exploitable) · affects engineering workstations with potential lateral movement risk · social engineering attack vector · no known public exploitation yet
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (2)
2 with fix
Product | Affected Versions | Fix Status
JT Open | <V11.5 | 11.5
PLM XML SDK | <V7.1.0.014 | 7.1.0.014
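To act on the version table above, the following added example (not part of the advisory or of any Siemens tooling) triages a software inventory against the two fixed versions. The inventory rows and hostnames are constructed, and the code assumes version components compare numerically, so that `7.1.0.014` is read as 7.1.0.14 and `11.10` is newer than `11.5`.

```python
import csv
import io
import re

# Fixed versions as stated in the advisory's affected-products table.
FIXED = {"JT Open": "11.5", "PLM XML SDK": "7.1.0.014"}

# Constructed inventory export; hostnames and installed versions are made up.
SAMPLE_INVENTORY = """host,product,version
eng-ws-01,JT Open,V11.4.2
eng-ws-02,JT Open,11.10
eng-ws-03,PLM XML SDK,7.1.0.9
eng-ws-04,PLM XML SDK,V7.1.0.014
eng-ws-05,JT Open,unknown
"""

def parse_version(text):
    """Return a tuple of ints for 'V11.5' or '7.1.0.014', or None if unparseable."""
    m = re.fullmatch(r"[Vv]?(\d+(?:\.\d+)*)", text.strip())
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def is_affected(installed, fixed):
    """Numeric comparison (assumption), zero-padding so 11.5 equals 11.5.0."""
    width = max(len(installed), len(fixed))
    a = installed + (0,) * (width - len(installed))
    b = fixed + (0,) * (width - len(fixed))
    return a < b

def triage(inventory_csv):
    """Map (host, product) to 'affected', 'fixed', or 'review'."""
    result = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        key = (row["host"], row["product"])
        fixed = FIXED.get(row["product"])
        installed = parse_version(row["version"])
        if fixed is None or installed is None:
            result[key] = "review"  # never treat unreadable data as safe
        elif is_affected(installed, parse_version(fixed)):
            result[key] = "affected"
        else:
            result[key] = "fixed"
    return result

if __name__ == "__main__":
    for (host, product), status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}\t{product}\t{status}")
```

A plain string comparison would rank `11.10` below `11.5` and flag an already-updated workstation, which is why the versions are compared as integer tuples.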
Remediation & Mitigation
Do now
WORKAROUND: Do not open XML files from untrusted sources; implement user training on recognizing suspicious file sources
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

JT Open
HOTFIX: Update JT Open to version 11.5 or later
PLM XML SDK
HOTFIX: Update PLM XML SDK to version 7.1.0.014 or later
Long-term hardening
JT Open
HARDENING: Segment engineering workstations running JT Open/PLM XML SDK from the internet and restrict file import sources to trusted internal repositories
Siemens JT Open and PLM XML SDK | CVSS 7.8 - OTPulse