Full Report
Siemens Teamcenter Visualization and JT2Go are affected by a memory corruption vulnerability in the APDFL library from Datalogics. If a user is tricked to open a malicious PDF file with the affected products, this could lead the application to crash or potentially lead to arbitrary code execution. Siemens has released updates for the affected products and recommends to update to the latest versions.
Analysis Summary
# Vulnerability: Datalogics APDFL Memory Corruption in Siemens JT2Go and Teamcenter Visualization
## CVE Details
- **CVE ID:** CVE-2023-1709
- **CVSS Score:** 7.8 (High)
- **Vector:** CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- **CWE:** CWE-121 (Stack-based Buffer Overflow)
## Affected Systems
- **Products:** JT2Go and Teamcenter Visualization
- **Versions:**
- **JT2Go:** All versions < V14.2.0.2
- **Teamcenter Visualization V13.2:** All versions < V13.2.0.13
- **Teamcenter Visualization V13.3:** All versions < V13.3.0.9
- **Teamcenter Visualization V14.0:** All versions < V14.0.0.5
- **Teamcenter Visualization V14.1:** All versions < V14.1.0.7
- **Teamcenter Visualization V14.2:** All versions < V14.2.0.2
- **Configurations:** Systems utilizing the `APDFL.dll` library for PDF parsing.
## Vulnerability Description
A memory corruption vulnerability exists within the `APDFL.dll` (Adobe PDF Library) provided by Datalogics and integrated into Siemens products. The flaw is specifically a stack-based buffer overflow that occurs when the library attempts to parse a specially crafted PDF file.
## Exploitation
- **Status:** Proof of Concept (PoC) available (denoted by "E:P" in the CVSS vector).
- **Complexity:** Low
- **Attack Vector:** Local (Requires a user to open a malicious file).
- **User Interaction:** Required (A user must be tricked into opening a malicious PDF).
## Impact
- **Confidentiality:** High (Potential for unauthorized information access via code execution).
- **Integrity:** High (Potential for unauthorized modification of data).
- **Availability:** High (Can lead to application crashes and Denial of Service).
## Remediation
### Patches
Siemens recommends updating to the following versions:
- **JT2Go:** Update to V14.2.0.2 or later.
- **Teamcenter Visualization V13.2:** Update to V13.2.0.13 or later.
- **Teamcenter Visualization V13.3:** Update to V13.3.0.9 or later.
- **Teamcenter Visualization V14.0:** Update to V14.0.0.5 or later.
- **Teamcenter Visualization V14.1:** Update to V14.1.0.7 or later.
- **Teamcenter Visualization V14.2:** Update to V14.2.0.2 or later.
### Workarounds
- Avoid opening any untrusted or suspicious PDF files within the affected JT2Go and Teamcenter Visualization software.
- Apply general industrial security operational guidelines to restrict environment access.
## Detection
- **Indicators of Compromise:** Unusual application crashes when processing PDF files; unexpected outbound network traffic stemming from the visualization process.
- **Detection Methods:** Monitor for non-standard PDF file structures using file integrity scanners; employ endpoint detection and response (EDR) tools to monitor for buffer overflow attempts in `APDFL.dll`.
## References
- **Siemens Advisory:** hxxps://cert-portal.siemens.com/productcert/pdf/ssa-629917.pdf
- **Datalogics Release Notes:** hxxps://dev.datalogics.com/adobe-pdf-library/release-notes-adobe-pdf-library-v-18/
- **Siemens Support Portal:** hxxps://support.sw.siemens.com/