Full Report
Siemens JT2Go and Teamcenter Visualization are affected by file parsing vulnerabilities that could be triggered when the application reads files in WRL format. If a user is tricked into opening a malicious file with any of the affected products, the application could crash, or the flaw could potentially lead to arbitrary code execution. Siemens has released updates for several affected products and recommends updating to the latest versions. Siemens recommends countermeasures for products where updates are not, or not yet, available.
Analysis Summary
# Vulnerability: Multiple WRL File Parsing Vulnerabilities in Siemens JT2Go and Teamcenter Visualization
## CVE Details
- CVE ID: Multiple (CVE-2023-38070 through CVE-2023-38076 are detailed)
- CVSS Score: 7.8 (High) for all documented CVEs.
- CWE: CWE-121 (Stack-based Buffer Overflow), CWE-122 (Heap-based Buffer Overflow), CWE-843 (Type Confusion), CWE-416 (Use After Free).
## Affected Systems
- Products: Siemens JT2Go, Teamcenter Visualization
- Versions:
  - JT2Go: All versions < V14.3.0.1
  - Teamcenter Visualization V13.3: All versions < V13.3.0.12
  - Teamcenter Visualization V14.0: All versions (No fix planned)
  - Teamcenter Visualization V14.1: All versions < V14.1.0.11
  - Teamcenter Visualization V14.2: All versions < V14.2.0.6
  - Teamcenter Visualization V14.3: All versions < V14.3.0.1
- Configurations: Triggered when the application reads maliciously crafted files in WRL (VRML) format.
## Vulnerability Description
Siemens JT2Go and Teamcenter Visualization are subject to multiple memory corruption vulnerabilities (Stack/Heap-based Buffer Overflows, Use-After-Free, and Type Confusion) within their file parsing logic for the WRL format. Successfully exploiting these flaws by tricking a user into opening a malicious WRL file can lead to application crashes or potentially allow an attacker to execute arbitrary code in the context of the current process.
## Exploitation
- Status: PoC available (Implied by CVSS vector **E:P - Proof of Concept**)
- Complexity: Low (CVSS vector **AC:L**)
- Attack Vector: Local (CVSS vector **AV:L** - Requires user interaction, i.e., opening the file locally or on a shared network location)
## Impact
- Confidentiality: High (C:H)
- Integrity: High (I:H)
- Availability: High (A:H - Crash/Denial of Service potential)
## Remediation
### Patches
- **JT2Go**: Update to V14.3.0.1 or later.
- **Teamcenter Visualization V13.3**: Update to V13.3.0.12 or later.
- **Teamcenter Visualization V14.1**: Update to V14.1.0.11 or later.
- **Teamcenter Visualization V14.2**: Update to V14.2.0.6 or later.
- **Teamcenter Visualization V14.3**: Update to V14.3.0.1 or later.
- **Teamcenter Visualization V14.0**: Currently, no fix is planned.
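
To apply the version list above to a software inventory, the following added example (not Siemens code and not part of the advisory) classifies an installed version against the fixed releases per branch. The product name strings, the status labels and the inventory rows are assumptions constructed for illustration.

```python
import re

# Fixed-version thresholds transcribed from the patch list above.
# None means the branch is listed as affected with no fix planned.
JT2GO_FIXED = (14, 3, 0, 1)
TCVIS_FIXED = {
    (13, 3): (13, 3, 0, 12),
    (14, 0): None,
    (14, 1): (14, 1, 0, 11),
    (14, 2): (14, 2, 0, 6),
    (14, 3): (14, 3, 0, 1),
}

def parse_version(text):
    """Turn 'V14.2.0.5' or '14.2.0.5' into a 4-tuple of ints, zero-padded."""
    m = re.fullmatch(r"[Vv]?(\d+(?:\.\d+){1,3})", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def assess(product, version):
    """Return (status, fixed_version_or_None) for one installed product."""
    v = parse_version(version)
    name = product.strip().lower()  # assumed inventory spelling of the product
    if name == "jt2go":
        fixed = JT2GO_FIXED
    elif name == "teamcenter visualization":
        if v[:2] not in TCVIS_FIXED:
            return ("branch-not-listed", None)  # branch absent from the list above
        fixed = TCVIS_FIXED[v[:2]]
        if fixed is None:
            return ("affected-no-fix-planned", None)
    else:
        raise ValueError(f"product not covered by this advisory: {product!r}")
    status = "affected" if v < fixed else "fixed"
    return (status, "V" + ".".join(map(str, fixed)))

if __name__ == "__main__":
    # Constructed inventory rows (host, product, version), not real data.
    inventory = [
        ("ws-01", "JT2Go", "V14.2.0.3"),
        ("ws-02", "Teamcenter Visualization", "14.0.0.9"),
        ("ws-03", "Teamcenter Visualization", "V13.3.0.12"),
    ]
    for host, product, version in inventory:
        print(host, product, version, *assess(product, version))
```

Hosts reported as `affected-no-fix-planned` cannot be patched within their branch and fall under the workarounds below.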
### Workarounds
Siemens recommends following the "General Security Recommendations" and product-specific mitigations provided in the full advisory. General recommendations include:
1. Protecting network access to the devices with appropriate mechanisms.
2. Configuring the IT environment according to Siemens' operational guidelines for Industrial Security.
## Detection
- Indicators of compromise are tied to file-processing events in which the affected applications open malicious WRL files.
- Detection should focus on monitoring the execution paths of JT2Go and Teamcenter Visualization when processing untrusted WRL files. Standard file integrity monitoring and EDR solutions should flag unusual process behavior stemming from these applications.
## References
- Vendor Advisories: SSA-278349
- Relevant links - defanged:
  - hxxps://cert-portal.siemens.com/productcert/html/ssa-278349.html
  - hxxps://www.siemens.com/cert/operational-guidelines-industrial-security
  - hxxps://www.siemens.com/industrialsecurity
  - hxxps://www.siemens.com/term_s_of_use