Siemens JT2Go

Plan Patch | CVSS 7.8 | ICS-CERT ICSA-24-284-07 | Oct 8, 2024
Siemens
Attack path
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Siemens JT2Go contains a stack-based buffer overflow vulnerability in its PDF file parser (CWE-121). When a user opens a malicious PDF file, the overflow could crash the application or lead to arbitrary code execution. The vulnerability affects all versions before V2406.0003. Siemens has released version 2406.0003 as a fix.

What this means
What could happen
If a user is tricked into opening a malicious PDF file in JT2Go, an attacker could crash the application or execute arbitrary code on the workstation, potentially compromising the system or gaining access to connected engineering networks.
Who's at risk
Engineering teams and workstations that use Siemens JT2Go for viewing and manipulating 3D CAD models and technical documentation. This affects design and process engineering roles that handle design files and may receive files via email or file-sharing systems.
How it could be exploited
An attacker crafts a malicious PDF file and tricks a user into opening it in JT2Go (via email, file sharing, or social engineering). When the PDF is parsed, a stack-based buffer overflow in the PDF handler causes code execution with the privileges of the JT2Go user.
Prerequisites
  • User interaction required: victim must open a malicious PDF file in JT2Go
  • Affected version of JT2Go must be installed (versions before V2406.0003)
  • Requires user interaction (social engineering vector)
  • Local attack only, not remotely exploitable
  • Affects engineering workstations which may be connected to OT networks
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (1)
Product | Affected Versions | Fix Status
JT2Go | <V2406.0003 | 2406.0003
Remediation & Mitigation
Do now
  • WORKAROUND: Remove or disable PDFJTExtractor.exe from the JT2Go installation directory as a temporary mitigation
  • WORKAROUND: Do not open PDF files from untrusted or unexpected sources in JT2Go
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HOTFIX: Update JT2Go to version 2406.0003 or later
Long-term hardening
  • HARDENING: Implement user training to avoid opening unsolicited file attachments and suspicious files
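
To track the remediation steps above across a fleet, the following added example (not Siemens code and not part of the advisory) classifies one JT2Go installation as patched, affected with the workaround applied, or affected. It assumes the installed version string comes from your software inventory, that versions order numerically component by component, and that the install directory is supplied by the caller; the function names are hypothetical.

```python
import os
import re
import tempfile

FIXED = (2406, 3)                  # 2406.0003, the fixed release in the advisory
EXTRACTOR = "pdfjtextractor.exe"   # component named in the workaround

def parse_version(text):
    """Turn 'V2406.0003' or '2406.0003' into a tuple of ints, e.g. (2406, 3)."""
    m = re.fullmatch(r"[Vv]?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))

def is_affected(version_text):
    """True if the version sorts before the fixed release (assumed numeric order)."""
    v = parse_version(version_text)
    width = max(len(v), len(FIXED))
    pad = lambda t: t + (0,) * (width - len(t))
    return pad(v) < pad(FIXED)

def find_extractor(install_dir):
    """Return every PDFJTExtractor.exe still present under install_dir."""
    hits = []
    for root, _dirs, files in os.walk(install_dir):
        hits += [os.path.join(root, f) for f in files if f.lower() == EXTRACTOR]
    return sorted(hits)

def assess(version_text, install_dir):
    """Classify one installation: patched, affected-mitigated or affected."""
    if not is_affected(version_text):
        return {"status": "patched", "extractor": []}
    found = find_extractor(install_dir)
    status = "affected" if found else "affected-mitigated"
    return {"status": status, "extractor": found}

if __name__ == "__main__":
    # Constructed sample: a fake install tree standing in for a real workstation.
    with tempfile.TemporaryDirectory() as d:
        open(os.path.join(d, "PDFJTExtractor.exe"), "w").close()
        print(assess("V2406.0002", d))   # affected version, extractor present
        print(assess("V2406.0003", d))   # fixed version
```

A renamed extractor (for example with a `.disabled` suffix) no longer matches the file name, so that installation reports `affected-mitigated` until the update to 2406.0003 is applied.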