Full Report
Siemens Teamcenter Visualization and JT2Go are affected by multiple file parsing vulnerabilities that can be triggered when the application reads malicious CGM files. If a user is tricked into opening a malicious CGM file with the affected products, the application could crash, or the file could potentially lead to arbitrary code execution. Siemens has released updates for the affected products and recommends updating to the latest versions.
Analysis Summary
# Vulnerability: Multiple File Parsing Flaws in Siemens JT2Go and Teamcenter Visualization
## CVE Details
- **CVE ID:** CVE-2023-33121, CVE-2023-33122, CVE-2023-33123, CVE-2023-33124
- **CVSS Score:** 7.8 (High) - Maximum base score across the group
- **CWE:**
  - CWE-476: NULL Pointer Dereference
  - CWE-125: Out-of-bounds Read
  - CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
## Affected Systems
- **Products:**
  - JT2Go
  - Teamcenter Visualization (V13.2, V13.3, V14.0, V14.1, V14.2)
- **Versions:**
  - JT2Go: All versions < V14.2.0.3
  - Teamcenter Visualization V13.2: All versions < V13.2.0.13
  - Teamcenter Visualization V13.3: All versions < V13.3.0.10
  - Teamcenter Visualization V14.0: All versions < V14.0.0.6
  - Teamcenter Visualization V14.1: All versions < V14.1.0.8
  - Teamcenter Visualization V14.2: All versions < V14.2.0.3
- **Configurations:** Systems where users open Computer Graphics Metafile (CGM) files.
## Vulnerability Description
The affected applications contain multiple memory safety vulnerabilities within their CGM file parsing engine. These include NULL pointer dereferences, out-of-bounds reads, and general memory corruption defects. When the application processes a specially crafted CGM file, the lack of proper validation can lead to an application crash (Denial of Service), sensitive information disclosure from memory, or arbitrary code execution in the context of the current process.
## Exploitation
- **Status:** PoC available (indicated by CVSS "E:P" exploit code maturity)
- **Complexity:** Low
- **Attack Vector:** Local (Requires user interaction to open a malicious file)
## Impact
- **Confidentiality:** High (Critical vulnerabilities allow data disclosure and code execution)
- **Integrity:** High (Memory corruption allows for state/process modification)
- **Availability:** High (Vulnerabilities can result in application crashes/DoS)
## Remediation
### Patches
Siemens recommends updating to the following versions or later:
- **JT2Go:** V14.2.0.3 (Note: Advisory also mentions V14.1.0.4)
- **Teamcenter Visualization V13.2:** V13.2.0.13
- **Teamcenter Visualization V13.3:** V13.3.0.10
- **Teamcenter Visualization V14.0:** V14.0.0.6
- **Teamcenter Visualization V14.1:** V14.1.0.8
- **Teamcenter Visualization V14.2:** V14.2.0.3
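
The version thresholds above can be checked against a software inventory. The following is an added example, not part of the Siemens advisory: the function names, status labels and inventory rows are assumptions, and it compares versions numerically per component because a string comparison would rank `13.2.0.9` above `13.2.0.13`.

```python
import re

# Fixed versions per release line, taken from the list above.
FIXED = {
    ("teamcenter visualization", (13, 2)): (13, 2, 0, 13),
    ("teamcenter visualization", (13, 3)): (13, 3, 0, 10),
    ("teamcenter visualization", (14, 0)): (14, 0, 0, 6),
    ("teamcenter visualization", (14, 1)): (14, 1, 0, 8),
    ("teamcenter visualization", (14, 2)): (14, 2, 0, 3),
}
JT2GO_FIXED = (14, 2, 0, 3)  # JT2Go: "All versions < V14.2.0.3"

def parse_version(text):
    """Turn 'V13.2.0.9' or '13.2.0.9' into (13, 2, 0, 9); None if malformed."""
    m = re.fullmatch(r"\s*[Vv]?(\d+(?:\.\d+){1,3})\s*", text)
    if not m:
        return None
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (4 - len(parts))  # pad '14.2' to (14, 2, 0, 0)

def assess(product, version_text):
    """Return 'affected', 'fixed', 'not-listed' or 'unparseable'."""
    version = parse_version(version_text)
    if version is None:
        return "unparseable"
    name = product.strip().lower()
    fixed = JT2GO_FIXED if name == "jt2go" else FIXED.get((name, version[:2]))
    if fixed is None:
        return "not-listed"  # product or release line is not in the list above
    # Tuple comparison is numeric per component: (.., 9) < (.., 13).
    return "affected" if version < fixed else "fixed"

# Constructed inventory rows (host, product, version); not real data.
INVENTORY = [
    ("ws-01", "JT2Go", "V14.2.0.2"),
    ("ws-02", "Teamcenter Visualization", "13.2.0.9"),
    ("ws-03", "Teamcenter Visualization", "V14.1.0.8"),
    ("ws-04", "Teamcenter Visualization", "V12.4.0.1"),
]

def report(rows=INVENTORY):
    """Map each host to its status under the thresholds above."""
    return {host: assess(product, ver) for host, product, ver in rows}

if __name__ == "__main__":
    for host, status in report().items():
        print(host, status)
```

A `not-listed` result means only that the release line does not appear in the list above, so it needs a manual check against the vendor advisory rather than being treated as unaffected.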
### Workarounds
- Do not open untrusted or suspicious CGM files.
- Apply general security measures to protect network access and follow Siemens' operational guidelines for Industrial Security.
## Detection
- **Indicators of Compromise:** Unexpected application crashes of `JT2Go.exe` or Teamcenter Visualization components when opening `.cgm` files.
- **Detection methods:** Monitor for unusual process behavior following the opening of external CAD/graphic files. Utilize endpoint detection and response (EDR) tools to identify typical exploitation patterns (e.g., buffer overflows or shellcode execution attempts).
## References
- **Vendor Advisory:** hxxps[://]cert-portal[.]siemens[.]com/productcert/pdf/ssa-538795[.]pdf
- **Siemens ProductCERT:** hxxps[://]www[.]siemens[.]com/cert/advisories
- **JT2Go Product Page:** hxxps[://]www[.]plm[.]automation[.]siemens[.]com/global/en/products/plm-components/jt2go[.]html