JT File Parsing Vulnerabilities in JT Open, JT Utilities and Parasolid

Plan Patch7.8SSA-001569Aug 8, 2023

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

JT Open, JT Utilities, and Parasolid are affected by memory corruption vulnerabilities in JT file parsing. When a user opens a malicious JT file, the application may crash or allow arbitrary code execution. The vulnerability requires user interaction and is triggered during file parsing. Siemens has released updates for all affected product versions.

What this means

What could happen

An attacker could trick a user into opening a malicious JT file, which could crash the application or potentially execute arbitrary code on the workstation or engineering system. This could disrupt design workflows or compromise engineering systems used to manage OT environments.

Who's at risk

Engineering teams and CAD/design groups at utilities and manufacturers who use Siemens JT Open, JT Utilities, or Parasolid for 3D modeling, asset design, and engineering documentation should prioritize patching. This includes design engineers, plant layout specialists, and automation engineers who work with JT format files in SCADA/DCS configuration or asset management workflows.

How it could be exploited

An attacker crafts a malicious JT file containing specially formatted data that triggers a memory corruption flaw during parsing. The attacker delivers the file to an engineer or operator (via email, file share, or supply chain compromise). When the user opens the file with a vulnerable version of JT Open, JT Utilities, or Parasolid, the application crashes or the attacker's code executes with the user's privileges.

Prerequisites

User must open a malicious JT file using a vulnerable version of JT Open, JT Utilities, or Parasolid
File must be delivered to the user through social engineering or compromised distribution channel
No special credentials or network access required

low complexityuser interaction required (file opening)local attack vector onlyaffects engineering workstations that support OT designmemory corruption can lead to code execution

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (6)

6 with fix

ProductAffected VersionsFix Status

JT Open< V11.411.4

JT Utilities< V13.413.4

Parasolid V34.0< V34.0.25334.0.253

Parasolid V34.1< V34.1.24334.1.243

Parasolid V35.0< V35.0.17735.0.177

Parasolid V35.1< V35.1.07335.1.073

Remediation & Mitigation

0/7

Do now

0/1

HARDENINGEducate engineering and design staff not to open JT files from untrusted sources

Schedule — requires maintenance window

0/5

Patching may require device reboot — plan for process interruption

JT Open

HOTFIXUpdate JT Open to version 11.4 or later

JT Utilities

HOTFIXUpdate JT Utilities to version 13.4 or later

Parasolid V34.0

HOTFIXUpdate Parasolid V34.0 to version 34.0.253 or later

Parasolid V34.1

HOTFIXUpdate Parasolid V34.1 to version 34.1.243 or later

Parasolid V35.0

HOTFIXUpdate Parasolid V35.0 to version 35.0.177 or later

Long-term hardening

0/1

HARDENINGImplement file validation and sandboxing for JT file processing on engineering workstations

CVEs (2)

CVE-2023-30795 CVE-2023-30796

View full Siemens ProductCERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/e1b269a2-835f-45c5-a083-d9734fac5619