OTPulse

Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.2.0.1

Plan Patch · CVSS 7.8 · SSA-365397 · Aug 10, 2021
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Multiple file parsing vulnerabilities in JT2Go and Teamcenter Visualization before V13.2.0.1 can be triggered when these products read files in CGM, DGN, DXF, and DWG formats. The vulnerabilities include buffer overflow (CWE-787), out-of-bounds read (CWE-125), use-after-free (CWE-416), and null pointer dereference (CWE-476). A user tricked into opening a malicious file could experience application crashes or arbitrary code execution on the workstation.

What this means
What could happen
An attacker could craft a malicious CAD file (CGM, DGN, DXF, or DWG format) that, when opened by an engineer in JT2Go or Teamcenter Visualization, causes the application to crash or executes arbitrary code on the workstation with that user's privileges.
Who's at risk
Engineering teams and CAD operators who use Siemens JT2Go or Teamcenter Visualization to view and work with CAD files in CGM, DGN, DXF, or DWG formats on Windows workstations.
How it could be exploited
An attacker creates a malicious CAD file in one of the supported formats and tricks an engineer into opening it in JT2Go or Teamcenter Visualization. The parsing vulnerabilities (buffer overflow, out-of-bounds read, use-after-free, null pointer dereference) are triggered during file parsing, leading to a denial of service or code execution.
Prerequisites
  • User must open a malicious file
  • File must be in CGM, DGN, DXF, or DWG format
  • A vulnerable version of JT2Go or Teamcenter Visualization must be installed and running
  • Attacker must deliver the file to the target user via email, file share, or social engineering
  • Local attack vector (user interaction required)
  • No authentication bypass
  • Arbitrary code execution possible
  • Low complexity attack
  • Affects engineering workstations
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (2)
2 with fix
Product | Affected Versions | Fix Status
JT2Go | < V13.2.0.1 | 13.2.0.1
Teamcenter Visualization | < V13.2.0.1 | 13.2.0.1
Remediation & Mitigation
Do now
HARDENING: Train users to avoid opening CAD files from untrusted or unknown sources, and validate file origin before opening
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

JT2Go
HOTFIX: Update JT2Go to version V13.2.0.1 or later
Teamcenter Visualization
HOTFIX: Update Teamcenter Visualization to version V13.2.0.1 or later
Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.2.0.1 | CVSS 7.8 - OTPulse