Full Report
Siemens Teamcenter Visualization and JT2Go are affected by multiple file parsing vulnerabilities that can be triggered when the application reads malicious TIF, CGM or PDF files. If a user is tricked into opening a malicious TIF, CGM or PDF file with the affected products, the application could crash, or the file could potentially lead to arbitrary code execution. Siemens has released updates for the affected products and recommends updating to the latest versions.
Analysis Summary
# Vulnerability: Multiple File Parsing Flaws in Teamcenter Visualization and JT2Go
## CVE Details
- **CVE ID:** CVE-2022-39136, CVE-2022-41660, CVE-2022-41661, CVE-2022-41662, CVE-2022-41663, CVE-2022-41664
- **CVSS Score:** 7.8 (High)
- **CWE:**
  - CWE-122: Heap-based Buffer Overflow (TIF files)
  - CWE-787: Out-of-bounds Write (CGM files)
  - CWE-125: Out-of-bounds Read (CGM files)
  - CWE-416: Use After Free (CGM files)
  - CWE-121: Stack-based Buffer Overflow (PDF files)
## Affected Systems
- **Products:**
  - JT2Go
  - Teamcenter Visualization (V13.2, V13.3, V14.0, V14.1)
- **Versions:**
  - JT2Go: All versions < V13.3.0.8 (specifically for CVE-2022-39136)
  - Teamcenter Visualization V14.0: All versions < V14.0.0.3
  - Teamcenter Visualization V14.1: All versions < V14.1.0.4
- **Configurations:** Vulnerabilities are triggered during the parsing of specially crafted CGM, TIF, or PDF files.
## Vulnerability Description
Multiple memory corruption vulnerabilities exist in the file parsing engines of Siemens JT2Go and Teamcenter Visualization. The flaws include heap and stack buffer overflows, out-of-bounds reads/writes, and use-after-free conditions. These occur when the application incorrectly handles malicious data within TIF, CGM, or PDF files.
## Exploitation
- **Status:** PoC available (CVSS Exploit Code Maturity: Functional/Proven)
- **Complexity:** Low
- **Attack Vector:** Local (Requires user interaction to open a malicious file)
## Impact
- **Confidentiality:** High
- **Integrity:** High
- **Availability:** High
- **Result:** Arbitrary code execution in the context of the current process or application crash.
## Remediation
### Patches
Siemens recommends updating to the following versions:
- **JT2Go:** Update to V13.3.0.8 or later.
- **Teamcenter Visualization V14.0:** Update to V14.0.0.3 or later.
- **Teamcenter Visualization V14.1:** Update to V14.1.0.4 or later.
- **Other Versions:** Consult Siemens support for lifecycle updates specific to V13.2 and V13.3.
### Workarounds
- **File Hygiene:** Do not open untrusted CGM, TIF, or PDF files from unknown sources.
- **Principle of Least Privilege:** Run the applications with the minimum necessary user privileges to limit the impact of potential code execution.
## Detection
- **Indicators of Compromise:** Unexpected application crashes (Access Violations) when opening CAD-related image or document files.
- **Detection Methods:** Monitor process execution for unusual child processes spawned by JT2Go or Teamcenter Visualization (e.g., cmd.exe or powershell.exe).
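
One way to implement the child-process check above, as an added example that is not code from Siemens or from this report. The viewer executable names are placeholders to replace with the names from your installation, the event field names follow Sysmon Event ID 1, the shell names beyond cmd.exe and powershell.exe are assumed additions, and the sample events are constructed.

```python
import ntpath
import re

# Placeholder names (assumption): replace with your real viewer image names.
VIEWER_IMAGES = {"jt2go-placeholder.exe", "tcvis-placeholder.exe"}
# cmd.exe and powershell.exe come from the page; the rest are assumed additions.
SHELL_IMAGES = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "mshta.exe"}
# File types whose parsers the advisory covers.
RISKY_EXTENSIONS = (".tif", ".tiff", ".cgm", ".pdf")

def image_name(path):
    """Lower-cased file name of a Windows path, tolerant of quoting."""
    return ntpath.basename(path.strip().strip('"')).lower()

def opened_document(command_line):
    """First command-line argument naming a TIF, CGM or PDF file, else None."""
    tokens = re.findall(r'"([^"]*)"|(\S+)', command_line)
    for quoted, bare in tokens[1:]:  # skip the executable itself
        arg = quoted or bare
        if arg.lower().endswith(RISKY_EXTENSIONS):
            return arg
    return None

def triage(events):
    """Flag shells spawned by a viewer; 'high' when a risky document was open."""
    findings = []
    for ev in events:
        if image_name(ev.get("ParentImage", "")) not in VIEWER_IMAGES:
            continue
        child = image_name(ev.get("Image", ""))
        if child not in SHELL_IMAGES:
            continue
        doc = opened_document(ev.get("ParentCommandLine", ""))
        findings.append({"severity": "high" if doc else "medium",
                         "child": child, "document": doc})
    return findings

# Constructed sample events (not real telemetry).
VIEWER = r"C:\Program Files\Viewer\jt2go-placeholder.exe"
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\cmd.exe", "ParentImage": VIEWER,
     "ParentCommandLine": rf'"{VIEWER}" "C:\Users\eng1\Downloads\bracket drawing.cgm"'},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": VIEWER, "ParentCommandLine": rf'"{VIEWER}"'},
    {"Image": r"C:\Windows\System32\cmd.exe", "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Windows\splwow64.exe", "ParentImage": VIEWER},
]
```

`triage(SAMPLE_EVENTS)` returns two findings: the cmd.exe launch while a CGM file was open is rated high, and the powershell.exe launch with no document on the parent command line is rated medium.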
## References
- **Vendor Advisory:** hxxps://cert-portal[.]siemens[.]com/productcert/pdf/ssa-120378[.]pdf
- **Siemens Security Hub:** hxxps://www[.]siemens[.]com/cert/advisories
- **Industrial Security Guidelines:** hxxps://www[.]siemens[.]com/cert/operational-guidelines-industrial-security