OTPulse

Siemens Teamcenter Visualization and JT2Go

Action: Plan Patch
CVSS: 7.8
Source: ICS-CERT ICSA-24-284-03
Published: Oct 8, 2024
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Siemens Teamcenter Visualization (versions 14.2, 14.3, 2312, 2406) and JT2Go contain stack-based buffer overflow and null pointer dereference vulnerabilities that are triggered while parsing XML files. If a user opens a crafted XML file, a null pointer dereference crashes the application, and the stack buffer overflow could allow arbitrary code execution with the privileges of the user running the application. The vulnerabilities are not remotely exploitable: the attacker has to get a crafted file onto the workstation, and the user has to open it in the affected application.

What this means
What could happen
An attacker could trick an operator into opening a malicious XML file, causing Teamcenter Visualization or JT2Go to crash, become unresponsive, or potentially execute arbitrary code on the operator's engineering workstation.
Who's at risk
Engineering and design staff who use Siemens Teamcenter Visualization or JT2Go for viewing and collaborating on product designs. This includes design engineers, product managers, and anyone involved in PLM (Product Lifecycle Management) workflows who may be targeted with malicious XML files via email or file shares.
How it could be exploited
An attacker delivers a specially crafted XML file (via email, shared folder, or other means) to a user with access to JT2Go or Teamcenter Visualization. When the user opens the file, the application parses the malicious XML and triggers a stack buffer overflow or null pointer dereference, crashing the application or allowing code execution.
Prerequisites
  • User interaction required (user must open the malicious XML file)
  • Access to deliver file to target user (email, file share, removable media)
  • Target device must have JT2Go or Teamcenter Visualization installed
  • User interaction required
  • Low complexity attack
  • Could lead to arbitrary code execution
  • No active public exploitation reported
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (5)
5 with fix
Product                           Affected Versions    Fixed In
JT2Go                             < V2406.0003         V2406.0003
Teamcenter Visualization V14.2    < V14.2.0.13         V14.2.0.13
Teamcenter Visualization V14.3    < V14.3.0.11         V14.3.0.11
Teamcenter Visualization V2312    < V2312.0008         V2312.0008
Teamcenter Visualization V2406    < V2406.0003         V2406.0003
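To turn this table into a repeatable check, the following is an added example (not OTPulse or Siemens code) that classifies a software inventory against the fix thresholds listed above. It assumes version strings in the form the table uses (an optional leading V followed by dot-separated numeric components) and works from a constructed inventory; in practice the rows would come from an endpoint-management or software-inventory export. Versions are compared component by component as integers, because a string comparison gets "2406.0010" versus "2406.0003" wrong, and an install on a branch the advisory does not list is flagged for review rather than assumed safe.

```python
"""Classify installed JT2Go / Teamcenter Visualization versions against the
fix thresholds from ICSA-24-284-03.

Added example, not OTPulse or Siemens code. SAMPLE_INVENTORY is constructed
data; hostnames and versions are made up for illustration.
"""

# (product, version branch, first fixed version), as listed in the advisory table.
# JT2Go is a single line (all versions before the fix), so its branch is empty;
# Teamcenter Visualization has one threshold per listed branch.
FIXED_IN = [
    ("JT2Go", "", "V2406.0003"),
    ("Teamcenter Visualization", "V14.2", "V14.2.0.13"),
    ("Teamcenter Visualization", "V14.3", "V14.3.0.11"),
    ("Teamcenter Visualization", "V2312", "V2312.0008"),
    ("Teamcenter Visualization", "V2406", "V2406.0003"),
]


def parse_version(text):
    """'V2406.0003' -> (2406, 3).

    Components are compared as integers, so '0003' < '0010' holds; a lexical
    comparison of the raw strings is never used (it would misorder
    '2406.0010' vs '2406.0003' and '14.2.0.9' vs '14.2.0.13').
    """
    text = text.strip()
    if text[:1] in ("V", "v"):
        text = text[1:]
    return tuple(int(part) for part in text.split("."))


def find_threshold(product, version):
    """Return the first fixed version for the branch `version` belongs to,
    or None when the advisory lists no threshold for that branch."""
    parsed = parse_version(version)
    for prod, branch, fixed in FIXED_IN:
        if prod != product:
            continue
        if branch == "":
            return fixed  # single threshold covering every version of this product
        prefix = parse_version(branch)
        if parsed[: len(prefix)] == prefix:
            return fixed
    return None


def status(product, version):
    """'affected', 'fixed', or 'review' (branch not listed in the advisory).

    An unlisted branch is not evidence of safety: the advisory only states
    thresholds for the branches in its table, so those hosts get a manual
    check against the vendor's current advisory rather than a green mark.
    """
    fixed = find_threshold(product, version)
    if fixed is None:
        return "review"
    return "affected" if parse_version(version) < parse_version(fixed) else "fixed"


# Constructed sample inventory: (host, product, installed version).
SAMPLE_INVENTORY = [
    ("eng-ws-01", "JT2Go", "V2406.0001"),
    ("eng-ws-02", "Teamcenter Visualization", "V14.2.0.13"),
    ("eng-ws-03", "Teamcenter Visualization", "V2312.0007"),
    ("eng-ws-04", "Teamcenter Visualization", "V14.3.0.11"),
    ("eng-ws-05", "Teamcenter Visualization", "V13.3.0.7"),
]


def audit(inventory):
    """Return one (host, product, version, status) row per inventory entry."""
    return [(host, prod, ver, status(prod, ver)) for host, prod, ver in inventory]


if __name__ == "__main__":
    for row in audit(SAMPLE_INVENTORY):
        print("{:<12} {:<26} {:<12} {}".format(*row))
```

Feed `audit()` the real inventory and treat every "affected" row as a hotfix target and every "review" row as a question for the vendor, not as a pass.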
Remediation & Mitigation
Do now
JT2Go
WORKAROUND: Instruct users not to open untrusted or unexpected XML files from unknown sources in JT2Go or Teamcenter Visualization
All products
WORKAROUND: Educate users to avoid opening email attachments or clicking links from unsolicited messages, especially those requesting to open files
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

JT2Go
HOTFIX: Update JT2Go to version 2406.0003 or later
Teamcenter Visualization V14.2
HOTFIX: Update Teamcenter Visualization V14.2 to version 14.2.0.13 or later
Teamcenter Visualization V14.3
HOTFIX: Update Teamcenter Visualization V14.3 to version 14.3.0.11 or later
Teamcenter Visualization V2312
HOTFIX: Update Teamcenter Visualization V2312 to version 2312.0008 or later
Teamcenter Visualization V2406
HOTFIX: Update Teamcenter Visualization V2406 to version 2406.0003 or later