Multiple WRL File Parsing Vulnerabilities in Teamcenter Visualization and JT2Go
Plan Patch7.8SSA-278349Sep 12, 2023
Attack VectorLocal
Auth RequiredNone
ComplexityLow
User InteractionRequired
Summary
Multiple file parsing vulnerabilities in WRL (VRML) format handling within Siemens JT2Go and Teamcenter Visualization could allow arbitrary code execution or application crash if a user opens a malicious WRL file. The vulnerabilities involve out-of-bounds writes (CWE-121, CWE-122, CWE-787), type confusion (CWE-843), and use-after-free (CWE-416) conditions triggered during WRL file parsing. Siemens has released updates for most versions; Teamcenter Visualization V14.0 has no patch available.
What this means
What could happen
An attacker could trick an engineer or operator into opening a malicious WRL 3D model file, causing the Teamcenter Visualization or JT2Go application to crash (denial of service) or potentially execute arbitrary code on the engineering workstation.
Who's at risk
Manufacturing and engineering organizations using Siemens Teamcenter Visualization or JT2Go for 3D model review and visualization on engineering workstations. This affects design engineers, manufacturing engineers, and PLM (product lifecycle management) users who routinely open 3D model files as part of their workflow.
How it could be exploited
An attacker crafts a malicious WRL (VRML) 3D model file with out-of-bounds writes or use-after-free conditions. The attacker distributes this file via email or file sharing and tricks a user into opening it with JT2Go or Teamcenter Visualization. When the application parses the file, the vulnerability triggers, allowing code execution or a crash.
Prerequisites
- User must open a malicious WRL file with an affected version of JT2Go or Teamcenter Visualization
- Social engineering required to convince user to open the file
- File must be in WRL (VRML) format
Low exploitation complexityUser interaction required (social engineering)High CVSS score (7.8)Affects engineering workstations (not directly OT equipment, but control of engineering systems)No patch available for Teamcenter Visualization V14.0
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (6)
5 with fix1 EOL
ProductAffected VersionsFix Status
JT2Go< V14.3.0.114.3.0.1
Teamcenter Visualization V13.3< V13.3.0.1213.3.0.12
Teamcenter Visualization V14.1< V14.1.0.1114.1.0.11
Teamcenter Visualization V14.2< V14.2.0.614.2.0.6
Teamcenter Visualization V14.3< V14.3.0.114.3.0.1
Teamcenter Visualization V14.0All versionsNo fix (EOL)
Remediation & Mitigation
0/7
Do now
0/2HARDENINGEducate users not to open WRL files from untrusted sources or unexpected emails
WORKAROUNDRestrict WRL file handling through file association controls or disable WRL file opening in Teamcenter if not required for operations
Schedule — requires maintenance window
0/5Patching may require device reboot — plan for process interruption
JT2Go
HOTFIXUpdate JT2Go to version 14.3.0.1 or later
Teamcenter Visualization V13.3
HOTFIXUpdate Teamcenter Visualization V13.3 to version 13.3.0.12 or later
Teamcenter Visualization V14.1
HOTFIXUpdate Teamcenter Visualization V14.1 to version 14.1.0.11 or later
Teamcenter Visualization V14.2
HOTFIXUpdate Teamcenter Visualization V14.2 to version 14.2.0.6 or later
Teamcenter Visualization V14.3
HOTFIXUpdate Teamcenter Visualization V14.3 to version 14.3.0.1 or later
CVEs (7)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/af605f93-0279-4ec7-8b5b-cc042015f442