Full Report
JT Open Toolkit, JT Utilities and Parasolid are affected by memory corruption vulnerabilities that could be triggered while parsing JT files. If a user is tricked into opening a malicious JT file with any of the affected products, this could cause the application to crash or potentially lead to arbitrary code execution. Siemens has released updates for the affected products and recommends updating to the latest versions.
Analysis Summary
# Vulnerability: JT File Parsing Memory Corruption in Siemens Products
## CVE Details
- **CVE ID:** CVE-2023-30795, CVE-2023-30796
- **CVSS Score:** 7.8 (High)
- **CWE:** CWE-125 (Out-of-bounds Read)
## Affected Systems
- **Products:**
  - JT Open Toolkit
  - JT Utilities
  - Parasolid (V34.0, V34.1, V35.0, V35.1)
- **Versions:**
  - JT Open: All versions < V11.4
  - JT Utilities: All versions < V13.4
  - Parasolid V34.0: All versions < V34.0.253
  - Parasolid V34.1: All versions < V34.1.243
  - Parasolid V35.0: All versions < V35.0.177
  - Parasolid V35.1: All versions < V35.1.073
- **Configurations:** Systems where these toolkits/utilities are used to parse JT data formats. Parasolid versions are specifically noted as affected only by CVE-2023-30795.
## Vulnerability Description
The affected applications contain an out-of-bounds read flaw when parsing specially crafted JT files (an ISO standard 3D data format). Specifically, the software reads past the end of an allocated memory structure. In a memory corruption context, this can lead to the disclosure of sensitive information or be leveraged to achieve arbitrary code execution in the context of the current process.
## Exploitation
- **Status:** PoC available (Exploit Code Maturity: Functional/Proved)
- **Complexity:** Low
- **Attack Vector:** Local (Requires user interaction to open a malicious file)
## Impact
- **Confidentiality:** High
- **Integrity:** High
- **Availability:** High
## Remediation
### Patches
Siemens recommends updating to the following versions or later:
- **JT Open:** Update to V11.4
- **JT Utilities:** Update to V13.4
- **Parasolid V34.0:** Update to V34.0.253
- **Parasolid V34.1:** Update to V34.1.243
- **Parasolid V35.0:** Update to V35.0.177
- **Parasolid V35.1:** Update to V35.1.073
### Workarounds
- **Restrict File Sources:** Do not open JT files from untrusted or unknown sources.
- **Principle of Least Privilege:** Run applications using these toolkits with the minimum necessary user permissions to limit the impact of potential code execution.
## Detection
- **Indicators of Compromise:** Unexpected application crashes when opening JT files.
- **Detection Methods:** Vulnerability scanners can be used to identify outdated versions of the JT Open Toolkit and Parasolid libraries located in application installation directories.
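The version check described above can be scripted against a software inventory. The following is an added example, not Siemens code or part of the original report: the fixed versions come from the Remediation section, while the function names and the inventory entries are hypothetical and constructed for illustration.

```python
import re

# Fixed versions from the Remediation section of this report.
# Parasolid is fixed per release branch (major.minor); JT products have one fix line.
FIXED = {
    "JT Open": {None: (11, 4)},
    "JT Utilities": {None: (13, 4)},
    "Parasolid": {(34, 0): (34, 0, 253), (34, 1): (34, 1, 243),
                  (35, 0): (35, 0, 177), (35, 1): (35, 1, 73)},
}
BOTH = ["CVE-2023-30795", "CVE-2023-30796"]
# The report lists both CVEs and notes Parasolid is affected only by CVE-2023-30795.
CVES = {"JT Open": BOTH, "JT Utilities": BOTH, "Parasolid": ["CVE-2023-30795"]}

def parse_version(text):
    """'V35.1.073' -> (35, 1, 73); None if the string is not dotted digits."""
    m = re.fullmatch(r"[Vv]?(\d+(?:\.\d+)*)", text.strip())
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def assess(product, version_text):
    """Return (status, cves); status is 'vulnerable', 'patched' or 'unknown'."""
    branches = FIXED.get(product)
    installed = parse_version(version_text)
    if branches is None or installed is None:
        return ("unknown", [])
    if product == "Parasolid":
        if len(installed) < 3:          # build number needed to decide
            return ("unknown", [])
        key = installed[:2]
    else:
        key = None
    fixed = branches.get(key)
    if fixed is None:                   # branch not covered by the report
        return ("unknown", [])
    width = max(len(installed), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))
    if pad(installed) < pad(fixed):
        return ("vulnerable", CVES[product])
    return ("patched", [])

# Constructed inventory entries (hypothetical hosts' installed versions).
INVENTORY = [("JT Open", "V11.3.2"), ("JT Utilities", "V13.4"),
             ("Parasolid", "V35.1.072"), ("Parasolid", "V34.1.243"),
             ("Parasolid", "V36.0.100")]

if __name__ == "__main__":
    for product, version in INVENTORY:
        status, cves = assess(product, version)
        print(f"{product:13} {version:10} {status:10} {', '.join(cves)}")
```

Entries reported as `unknown` (an unparseable version, or a Parasolid branch the report does not list) need manual review against the vendor advisory rather than being treated as safe.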
## References
- **Vendor Advisory:** hxxps[://]cert-portal[.]siemens[.]com/productcert/html/ssa-001569[.]html
- **Support Portal:** hxxps[://]support[.]sw[.]siemens[.]com/
- **Siemens Industrial Security Guidelines:** hxxps[://]www[.]siemens[.]com/cert/operational-guidelines-industrial-security