XML File Parsing Vulnerabilities in JT Open and PLM XML SDK
Plan Patch · 7.8 · SSA-824889 · Jul 9, 2024
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
JT Open Toolkit and PLM XML SDK contain stack buffer overflow (CWE-476) and null pointer dereference (CWE-121) vulnerabilities triggered by parsing malicious XML files. Successful exploitation could crash the application or allow arbitrary code execution if a user opens a specially crafted XML file. Siemens has released fixed versions: JT Open 11.5 or later and PLM XML SDK 7.1.0.014 or later.
What this means
What could happen
Opening a malicious XML file in JT Open or PLM XML SDK could crash the application or potentially allow arbitrary code execution on the user's workstation.
Who's at risk
Organizations using Siemens JT Open Toolkit or PLM XML SDK for CAD/PLM data processing should care. This affects design engineers, manufacturing engineers, and any personnel who handle JT (Jupiter Tessellation) files or PLM XML data in product development and manufacturing environments.
How it could be exploited
An attacker creates a specially crafted XML file that exploits stack buffer overflow or null pointer dereference vulnerabilities in the XML parser. The attacker sends this file to a user (via email, file share, or web download) and tricks them into opening it with JT Open or PLM XML SDK, triggering the vulnerable code path.
Prerequisites
- User must open a malicious XML file with JT Open or PLM XML SDK
- No network access required
- No authentication required
- Low complexity exploitation
- User interaction required (file open)
- High impact if exploited (code execution possible)
- Affects workstations in engineering and design functions
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (2)
2 with fix
Product | Affected Versions | Fix Status
JT Open | <V11.5 | 11.5
PLM XML SDK | <V7.1.0.014 | 7.1.0.014
Remediation & Mitigation
Do now
HARDENING: Educate users not to open XML files from untrusted sources
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
JT Open
HOTFIX: Update JT Open to version 11.5 or later
PLM XML SDK
HOTFIX: Update PLM XML SDK to version 7.1.0.014 or later
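
To find which workstations still need the updates above, the following added example (not part of the advisory or any Siemens tooling) checks a software inventory against the fixed versions in the affected-products table. It assumes versions compare component by component as integers, so 7.1.0.9 is older than 7.1.0.014; the CSV layout, hostnames and installed versions are constructed.

```python
import csv
import io
import re

# Fixed versions taken from the advisory's "Affected products" table.
FIXED = {
    "jt open": (11, 5),
    "plm xml sdk": (7, 1, 0, 14),
}

def parse_version(text):
    """Turn 'V7.1.0.014' into (7, 1, 0, 14); return None if not dotted-numeric."""
    cleaned = text.strip().lstrip("Vv")
    if not re.fullmatch(r"\d+(\.\d+)*", cleaned):
        return None
    return tuple(int(part) for part in cleaned.split("."))

def status(product, version):
    """Return 'affected', 'fixed', 'unknown-version' or 'not-listed'."""
    fixed = FIXED.get(" ".join(product.lower().split()))
    if fixed is None:
        return "not-listed"
    found = parse_version(version)
    if found is None:
        # Never report an unparseable version as safe; flag it for manual review.
        return "unknown-version"
    # Pad to equal length so 11.5 and 11.5.0 compare as equal.
    width = max(len(found), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))
    return "affected" if pad(found) < pad(fixed) else "fixed"

def triage(inventory_csv):
    """Yield (host, product, version, status) for each inventory row."""
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        yield (row["host"], row["product"], row["version"],
               status(row["product"], row["version"]))

# Constructed sample inventory; hostnames and versions are made up.
SAMPLE = """host,product,version
eng-ws-01,JT Open,11.4.2
eng-ws-02,JT Open,V11.5
eng-ws-03,PLM XML SDK,7.1.0.9
eng-ws-04,PLM XML SDK,7.1.0.014
eng-ws-05,PLM XML SDK,7.1-beta
"""

if __name__ == "__main__":
    for entry in triage(SAMPLE):
        print(*entry, sep="\t")
```

A plain string comparison would rank 7.1.0.9 above 7.1.0.014 and miss an affected host, which is why the components are compared as integers.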
CVEs (2)