OTPulse

Siemens JT2Go

Plan Patch · CVSS 7.8 · ICS-CERT ICSA-24-284-07 · Oct 8, 2024
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Siemens JT2Go is affected by a stack-based buffer overflow vulnerability (CWE-121) that can be triggered when the application reads PDF files. If a user opens a malicious PDF file, the application could crash or potentially execute arbitrary code with the privileges of the user running the application.

What this means
What could happen
An attacker could craft a malicious PDF file that, when opened in JT2Go, executes arbitrary code on the engineering workstation with the user's privileges, potentially compromising sensitive design data or providing a foothold into the network.
Who's at risk
This affects organizations using Siemens JT2Go for viewing and working with JT CAD/CAM design files, particularly engineering and design teams at manufacturers, automotive suppliers, and equipment builders who process external or untrusted PDF files as part of their workflow.
How it could be exploited
An attacker would create a malicious PDF file with a crafted payload designed to overflow the stack buffer in JT2Go's PDF parsing code. The attacker would need to deliver this file to a user (via email, file sharing, or USB) and trick them into opening it within the application. Upon opening, the overflow would execute the attacker's code in the context of the JT2Go process.
Prerequisites
  • User interaction required: victim must open a malicious PDF file in JT2Go
  • Affected version: JT2Go prior to V2406.0003
  • Local access to the system where JT2Go is installed
User interaction required to trigger · Local code execution possible · Affects engineering workstations · Low EPSS (0.1%) but user-dependent
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product    Affected Versions    Fix Status
JT2Go      <V2406.0003          2406.0003
Remediation & Mitigation
Do now
WORKAROUND: Do not open untrusted or unexpected PDF files in JT2Go, especially files received via email or from external sources
WORKAROUND: Remove PDFJTExtractor.exe from the JT2Go installation directory to disable PDF parsing capability if not required
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update JT2Go to version V2406.0003 or later
Long-term hardening
HARDENING: Segment engineering workstations running JT2Go from critical networks and restrict internet access to minimize risk of file delivery
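
The update and the PDFJTExtractor.exe workaround listed above can be verified per installation. The following is an added example, not part of the advisory or any Siemens tooling. It assumes the version string comes from your own asset inventory in the "V2406.0003" form, that versions order numerically, and that you supply the install directory; all function names are hypothetical.

```python
import re
import tempfile
from pathlib import Path

FIXED_VERSION = "V2406.0003"       # first fixed release, per the advisory
PDF_HELPER = "PDFJTExtractor.exe"  # PDF parsing component named in the workaround
VERSION_RE = re.compile(r"^V?(\d+)\.(\d+)$", re.IGNORECASE)


def parse_version(text):
    """Parse 'V2406.0003' or '2406.0003' into (2406, 3). The format is an assumption."""
    match = VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised JT2Go version string: {text!r}")
    return int(match.group(1)), int(match.group(2))


def find_pdf_helper(install_dir):
    """Return every copy of the PDF helper under install_dir (case-insensitive)."""
    root = Path(install_dir)
    if not root.is_dir():
        # A missing path must not be mistaken for "helper removed".
        raise NotADirectoryError(f"install directory not found: {root}")
    return sorted(p for p in root.rglob("*")
                  if p.is_file() and p.name.lower() == PDF_HELPER.lower())


def assess(version_text, install_dir):
    """Return 'patched', 'exposed', 'workaround-applied' or 'unknown-version'."""
    try:
        patched = parse_version(version_text) >= parse_version(FIXED_VERSION)
    except ValueError:
        patched = None  # unparseable inventory value: never assume it is fixed
    helpers = find_pdf_helper(install_dir)
    if patched:
        return "patched"
    if helpers:
        return "exposed"
    return "unknown-version" if patched is None else "workaround-applied"


if __name__ == "__main__":
    # Constructed sample: a temporary directory stands in for an install root,
    # and the version strings other than V2406.0003 are made up for the demo.
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "bin").mkdir()
        (Path(tmp) / "bin" / PDF_HELPER).write_bytes(b"")
        for version in ("V2406.0002", "V2406.0003", "V2312.0008", "n/a"):
            print(version, "->", assess(version, tmp))
```

An installation with an unreadable version string is reported as exposed whenever the helper is still present, so gaps in the inventory do not hide unpatched hosts.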