OTPulse

Multiple JT File Parsing Vulnerabilities in JT Utilities before V13.0.2.0

Monitor | 5.5 | SSA-209268 | Jul 13, 2021
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

JT Utilities before version V13.0.2.0 contains multiple vulnerabilities in JT file parsing that can cause the application to crash when processing malformed JT files. The vulnerabilities are triggered by reading specially crafted JT files and result in denial of service to the affected workstation.

What this means
What could happen
An attacker could cause JT Utilities to crash by crafting a malicious JT file, disrupting engineering work and potentially delaying critical plant design or maintenance activities.
Who's at risk
Engineering teams and plant personnel who use JT Utilities for CAD model viewing and collaboration in manufacturing, power generation, water treatment, and other industrial facilities. This affects engineering workstations, not control systems directly.
How it could be exploited
An attacker creates a malformed JT file and tricks or socially engineers an engineer into opening it in JT Utilities. The vulnerable parser processes the malformed file structure and crashes the application, causing a denial of service on the engineering workstation.
Prerequisites
  • User interaction required: engineer must open the malicious JT file in JT Utilities
  • JT Utilities version prior to V13.0.2.0 must be installed
  • Access to the engineer's workstation, or the ability to deliver the file through email or a network share
requires user interaction to open malicious file | low technical complexity | affects engineering tools and workstations
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
JT Utilities | < V13.0.2.0 | 13.0.2.0
Remediation & Mitigation
Do now
WORKAROUND: Do not open JT files from untrusted sources or unknown origins until the update is applied
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update JT Utilities to version V13.0.2.0 or later