Full Report
Siemens Teamcenter Visualization and JT2Go are affected by an out-of-bounds read vulnerability in the APDFL library from Datalogics. If a user is tricked into opening a malicious PDF file with the affected products, the application could crash, or the flaw could potentially lead to arbitrary code execution. Siemens has released new versions of the affected products and recommends updating to the latest versions.
Analysis Summary
# Vulnerability: Out of Bounds Read in Datalogics APDFL Library Used by Siemens PLM Tools
## CVE Details
- CVE ID: CVE-2023-7066
- CVSS Score: 7.8 (High) based on v3.1; 7.3 (High) based on v4.0
- CWE: CWE-125: Out-of-bounds Read
## Affected Systems
- Products:
  - Siemens JT2Go
  - Siemens Teamcenter Visualization (Versions V14.1, V14.2, V14.3, V2312)
- Versions:
  - JT2Go: All versions < V14.3.0.8
  - Teamcenter Visualization V14.1: All versions < V14.1.0.14
  - Teamcenter Visualization V14.2: All versions < V14.2.0.10
  - Teamcenter Visualization V14.3: All versions < V14.3.0.8
  - Teamcenter Visualization V2312: All versions < V2312.0002
- Configurations: Opening a maliciously crafted PDF file using the affected applications.
## Vulnerability Description
The vulnerability exists within the Datalogics APDFL library, a component used by the affected Siemens products for file parsing. Specifically, it is an out-of-bounds read past the end of an allocated structure encountered during the parsing of specially crafted PDF files. Successful exploitation could lead to application crashes (denial of service) or potentially allow for arbitrary code execution in the context of the current process.
## Exploitation
- Status: PoC available (Not stated explicitly in the advisory; inferred from its description of possible arbitrary code execution, which suggests exploitability via crafted files.)
- Complexity: Low (CVSS AV:L/AC:L/PR:N/UI:R: the attack vector is local and no privileges are required, but the user must interact (UI:R) by opening the malicious file.)
- Attack Vector: Local (The attack requires the user to open the malicious file within the application.)
## Impact
- Confidentiality: High (Arbitrary code execution can lead to unauthorized data access)
- Integrity: High (Arbitrary code execution can lead to unauthorized data modification)
- Availability: High (The vulnerability can cause the application to crash, resulting in denial of service)
## Remediation
### Patches
Customers must update to the fixed versions listed below:
- **JT2Go:** Update to V14.3.0.8 or later.
- **Teamcenter Visualization V14.1:** Update to V14.1.0.14 or later.
- **Teamcenter Visualization V14.2:** Update to V14.2.0.10 or later.
- **Teamcenter Visualization V14.3:** Update to V14.3.0.8 or later.
- **Teamcenter Visualization V2312:** Update to V2312.0002 or later.
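
To triage an installation inventory against the fixed versions above, the following is an added example and not code from Siemens or the advisory. The function names, the product name strings and the `(host, product, version)` inventory layout are assumptions, and the sample hosts are constructed.

```python
import re

# Fixed versions copied from the advisory summary above.
JT2GO_FIXED = "V14.3.0.8"                 # JT2Go: all versions below this
TCVIS_FIXED = {                           # Teamcenter Visualization, per branch
    (14, 1): "V14.1.0.14",
    (14, 2): "V14.2.0.10",
    (14, 3): "V14.3.0.8",
    (2312,): "V2312.0002",
}

def parse_version(text):
    """'V14.2.0.10' -> (14, 2, 0, 10); 'V2312.0002' -> (2312, 2)."""
    m = re.fullmatch(r"[Vv]?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))

def assess(product, version):
    """Return 'affected', 'fixed' or 'not listed' for one installation."""
    v = parse_version(version)
    if product == "JT2Go":
        return "affected" if v < parse_version(JT2GO_FIXED) else "fixed"
    if product == "Teamcenter Visualization":
        for branch, fixed in TCVIS_FIXED.items():
            if v[:len(branch)] == branch:
                # Numeric tuple comparison: 14.2.0.9 < 14.2.0.10, which a
                # plain string comparison would get wrong.
                return "affected" if v < parse_version(fixed) else "fixed"
    return "not listed"  # branch or product the summary says nothing about

def hosts_to_update(inventory):
    """inventory: iterable of (host, product, version) tuples."""
    return [host for host, product, version in inventory
            if assess(product, version) == "affected"]

# Constructed sample inventory (hostnames and layout are hypothetical).
SAMPLE_INVENTORY = [
    ("cad-ws-01", "JT2Go", "V14.3.0.7"),
    ("cad-ws-02", "JT2Go", "V14.3.0.8"),
    ("cad-ws-03", "Teamcenter Visualization", "V14.2.0.9"),
    ("cad-ws-04", "Teamcenter Visualization", "V14.1.0.14"),
    ("cad-ws-05", "Teamcenter Visualization", "V2312.0001"),
    ("cad-ws-06", "Teamcenter Visualization", "V13.3.0.2"),
]

if __name__ == "__main__":
    for host, product, version in SAMPLE_INVENTORY:
        print(f"{host}: {product} {version} -> {assess(product, version)}")
    print("update:", hosts_to_update(SAMPLE_INVENTORY))
```

Installations reported as `not listed` are on a branch this summary does not cover and need checking against the vendor advisory directly.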
### Workarounds
- **Primary Mitigation:** Do not open untrusted PDF files using the affected applications (JT2Go or Teamcenter Visualization).
## Detection
- Indicators of compromise are typically application crashes or unexpected process termination related to the file parsing routines when processing PDF inputs.
- Detection methods center on monitoring file access and application security logs for anomalous behavior when handling PDF files originating from untrusted sources. Application integrity checks can also be used.
## References
- Vendor Advisory: https://cert-portal.siemens.com/productcert/html/ssa-722010.html
- Datalogics APDFL Release Notes: https://docs.datalogics.com/apdfl18/Release_Notes.html
- General Siemens Industrial Security: https://www.siemens.com/industrialsecurity