Siemens Teamcenter Visualization and JT2Go
Plan Patch7.8ICS-CERT ICSA-24-228-03Aug 13, 2024
Attack VectorLocal
Auth RequiredNone
ComplexityLow
User InteractionRequired
Summary
JT2Go and Teamcenter Visualization contain out-of-bounds read and null pointer dereference vulnerabilities in the X_T file parser. When a user opens a malicious X_T format file, the application may crash or execute arbitrary code in the context of the user. Affected versions are JT2Go before 2312.0005, Teamcenter Visualization V14.2 before 14.2.0.12, V14.3 before 14.3.0.10, and V2312 before 2312.0005. Siemens has released patched versions and recommends updating and avoiding untrusted X_T files.
What this means
What could happen
An attacker who tricks a user into opening a malicious X_T file could execute arbitrary code on that user's workstation with the same privileges as the application. This could lead to unauthorized access to design data, process information, or lateral movement into the engineering network.
Who's at risk
Engineering teams and design departments that use Siemens Teamcenter Visualization or JT2Go for viewing and collaborating on CAD/design files. This includes manufacturing plants, automotive suppliers, industrial equipment makers, and any organization with a Teamcenter-based product lifecycle management (PLM) system. Affected versions are Teamcenter Visualization V14.2, V14.3, V2312, and JT2Go versions before 2312.0005.
How it could be exploited
An attacker creates a malicious X_T format file (Teamcenter or JT2Go native file format) and sends it to an engineer or designer via email or file share. When the user opens the file in JT2Go or Teamcenter Visualization, the application crashes due to an out-of-bounds read or null pointer dereference, but not before executing attacker code embedded in the file payload. The code runs in the context of the application and the logged-in user.
Prerequisites
- User must open a malicious X_T file with an affected version of JT2Go or Teamcenter Visualization
- No valid credentials or special network access required; the exploit is delivered via file, not network
Requires user interaction (file opening)No authentication required to exploit the fileLow attack complexityCould allow code execution in the context of the user running the applicationTargets workstations that may have access to sensitive design and process data
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (4)
4 with fix
ProductAffected VersionsFix Status
JT2Go<V2312.00052312.0005
Teamcenter Visualization V14.2<V14.2.0.1214.2.0.12
Teamcenter Visualization V14.3<V14.3.0.1014.3.0.10
Teamcenter Visualization V2312<V2312.00052312.0005
Remediation & Mitigation
0/7
Do now
0/2JT2Go
HARDENINGEducate users to avoid opening file attachments from unsolicited email and to verify file sources before opening in JT2Go or Teamcenter Visualization
All products
WORKAROUNDDo not open X_T files from untrusted sources in affected applications
Schedule — requires maintenance window
0/4Patching may require device reboot — plan for process interruption
JT2Go
HOTFIXUpdate JT2Go to version 2312.0005 or later
Teamcenter Visualization V14.2
HOTFIXUpdate Teamcenter Visualization V14.2 to version 14.2.0.12 or later
Teamcenter Visualization V14.3
HOTFIXUpdate Teamcenter Visualization V14.3 to version 14.3.0.10 or later
Teamcenter Visualization V2312
HOTFIXUpdate Teamcenter Visualization V2312 to version 2312.0005 or later
Long-term hardening
0/1JT2Go
HARDENINGIsolate engineering workstations and Teamcenter/JT2Go systems from the general business network using network segmentation and firewalls
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/4d3fe6b6-62b8-4161-82dd-53c8a82a49a7