OTPulse

Multiple File Parsing Vulnerabilities in Teamcenter Visualization and JT2Go

Plan Patch · 7.8 · SSA-538795 · Jun 13, 2023
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Siemens Teamcenter Visualization and JT2Go contain multiple file parsing vulnerabilities in the CGM file reader. A malicious CGM file can trigger a null pointer dereference (CWE-476) or buffer overflow (CWE-119/CWE-125) when opened in the affected applications. Exploitation requires user interaction but could result in application crash or arbitrary code execution with the privileges of the user who opened the file.

What this means
What could happen
An attacker could trick an engineer or designer into opening a malicious CGM graphics file, causing the Visualization or JT2Go application to crash or potentially execute arbitrary code on the workstation with the user's privileges.
Who's at risk
Manufacturing and engineering organizations that use Siemens Teamcenter Visualization or JT2Go for CAD/product design work. This primarily affects design engineers, PLM administrators, and anyone who handles product data files. The risk is limited to workstations where these tools are installed and is triggered only when a user opens a malicious file.
How it could be exploited
An attacker creates a malicious CGM (Computer Graphics Metafile) file and sends it to an engineer or designer. When the user opens the file in Teamcenter Visualization or JT2Go, the application's file parser processes the malicious data, triggering a buffer overflow or null pointer dereference that crashes the application or allows code execution on the workstation.
Prerequisites
  • User must open a malicious CGM file using Teamcenter Visualization or JT2Go
  • Affected version of the application must be installed
  • User interaction required (file must be opened by the user)
User interaction required (file must be opened) · Low complexity attack · High CVSS score (7.8) · Potential arbitrary code execution · Affects engineering workstations
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (6)
6 with fix
Product | Affected Versions | Fix Status
JT2Go | < V14.2.0.3 | 14.1.0.4
Teamcenter Visualization V13.2 | < V13.2.0.13 | 13.2.0.13
Teamcenter Visualization V13.3 | < V13.3.0.10 | 13.3.0.10
Teamcenter Visualization V14.0 | < V14.0.0.6 | 14.0.0.6
Teamcenter Visualization V14.1 | < V14.1.0.8 | 14.1.0.8
Teamcenter Visualization V14.2 | < V14.2.0.3 | 14.2.0.3
Remediation & Mitigation
Do now
WORKAROUND: Disable or restrict the ability to open CGM files from untrusted sources until patches are applied
HARDENING: Warn users not to open CGM files from unknown or untrusted senders
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

JT2Go
HOTFIX: Update JT2Go to version 14.2.0.3 or later
Teamcenter Visualization V13.2
HOTFIX: Update Teamcenter Visualization V13.2 to version 13.2.0.13 or later
Teamcenter Visualization V13.3
HOTFIX: Update Teamcenter Visualization V13.3 to version 13.3.0.10 or later
Teamcenter Visualization V14.0
HOTFIX: Update Teamcenter Visualization V14.0 to version 14.0.0.6 or later
Teamcenter Visualization V14.1
HOTFIX: Update Teamcenter Visualization V14.1 to version 14.1.0.8 or later
Teamcenter Visualization V14.2
HOTFIX: Update Teamcenter Visualization V14.2 to version 14.2.0.3 or later
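
To triage a software inventory against the version thresholds above, the following added example (not part of the advisory and not Siemens tooling) classifies each install using the "Affected Versions" column. The product name strings, the result labels and the inventory rows are constructed assumptions; note that Teamcenter Visualization is judged per release line while JT2Go has a single threshold.

```python
import re

# Thresholds taken from the "Affected Versions" column of this advisory.
# JT2Go has one threshold; Teamcenter Visualization is fixed per release line.
JT2GO_FIXED = (14, 2, 0, 3)
TCVIS_FIXED = {
    (13, 2): (13, 2, 0, 13),
    (13, 3): (13, 3, 0, 10),
    (14, 0): (14, 0, 0, 6),
    (14, 1): (14, 1, 0, 8),
    (14, 2): (14, 2, 0, 3),
}

def parse_version(text):
    """Turn 'V14.1.0.8' or '14.1.0.8' into a tuple of four ints; None if malformed."""
    m = re.fullmatch(r"\s*[Vv]?(\d+)\.(\d+)\.(\d+)\.(\d+)\s*", text)
    return tuple(int(g) for g in m.groups()) if m else None

def assess(product, version_text):
    """Return 'affected', 'fixed', 'not-listed' or 'unparsed' for one install."""
    version = parse_version(version_text)
    if version is None:
        return "unparsed"
    name = product.strip().lower()  # assumed inventory naming, not a vendor format
    if name == "jt2go":
        return "affected" if version < JT2GO_FIXED else "fixed"
    if name == "teamcenter visualization":
        fixed = TCVIS_FIXED.get(version[:2])
        if fixed is None:
            return "not-listed"  # release line not covered by the advisory
        # Tuple comparison is numeric, so 13.2.0.9 sorts below 13.2.0.13.
        return "affected" if version < fixed else "fixed"
    return "not-listed"

# Constructed inventory rows (host, product, version) for illustration only.
SAMPLE_INVENTORY = [
    ("eng-ws-01", "JT2Go", "14.1.0.8"),
    ("eng-ws-02", "Teamcenter Visualization", "V14.1.0.8"),
    ("eng-ws-03", "Teamcenter Visualization", "13.3.0.9"),
    ("eng-ws-04", "Teamcenter Visualization", "14.3.0.1"),
    ("eng-ws-05", "JT2Go", "14.2.0.10"),
]

def audit(inventory):
    """Attach an assessment to every inventory row."""
    return [(h, p, v, assess(p, v)) for h, p, v in inventory]

if __name__ == "__main__":
    for row in audit(SAMPLE_INVENTORY):
        print("%-10s %-26s %-10s %s" % row)
```

Installs reported as "not-listed" or "unparsed" need manual review against the vendor advisory rather than being treated as safe.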