Full Report
Teamcenter Visualization and JT2Go are affected by out-of-bounds read, stack exhaustion, and null pointer dereference vulnerabilities that could be triggered when the application reads files in X_T format. If a user is tricked into opening a malicious file with the affected applications, an attacker could leverage the vulnerability to perform remote code execution in the context of the current process. Siemens has released new versions for the affected products and recommends updating to the latest versions.
Analysis Summary
# Vulnerability: X\_T File Parsing Vulnerabilities in Teamcenter Visualization and JT2Go
## CVE Details
- CVE ID: CVE-2024-26275, CVE-2024-26276, CVE-2024-26277
- CVSS Score:
  - **CVE-2024-26275 (RCE flaw):** 7.8 (High) (CVSS v3.1) / 7.3 (CVSS v4.0)
  - **CVE-2024-26276 (Stack Exhaustion):** 3.3 (Low) (CVSS v3.1) / 4.8 (CVSS v4.0)
  - **CVE-2024-26277 (NPD):** 3.3 (Low) (CVSS v3.1) / 4.8 (CVSS v4.0)
- CWE: CWE-125 (Out-of-bounds Read), CWE-770 (Allocation of Resources Without Limits or Throttling), CWE-476 (NULL Pointer Dereference)
## Affected Systems
- Products: JT2Go, Teamcenter Visualization (V14.2, V14.3, V2312)
- Versions:
  - **JT2Go:** All versions < V2312.0004
  - **Teamcenter Visualization V14.2:** All versions < V14.2.0.12
  - **Teamcenter Visualization V14.3:** All versions < V14.3.0.9
  - **Teamcenter Visualization V2312:** All versions < V2312.0004
- Configurations: Vulnerabilities are triggered when the application reads files in **X\_T format**.
## Vulnerability Description
Multiple vulnerabilities exist in the parsing logic for X\_T format files within Teamcenter Visualization and JT2Go. These include:
1. **Out of Bounds Read (CVE-2024-26275):** Allows an attacker to read memory beyond allocated buffers. This can potentially lead to Remote Code Execution (RCE).
2. **Stack Exhaustion (CVE-2024-26276):** Triggered when parsing specially crafted X\_T files, potentially leading to a Denial of Service (DoS).
3. **Null Pointer Dereference (CVE-2024-26277):** Triggered when parsing specially crafted X\_T files, leading to an application crash (DoS).
## Exploitation
- Status: **PoC available** (Implied by the nature of the flaws and CVSS vector requiring user interaction)
- Complexity (for RCE):
  - **CVE-2024-26275 CVSS v3.1 Vector suggests:** AC:L (Low Attack Complexity), UI:R (User Interaction Required).
- Attack Vector: Local or Remote, requiring the user to open a malicious file.
- Impact:
  - **Confidentiality:** High (due to potential OOB Read leading to RCE)
  - **Integrity:** High (due to potential RCE)
  - **Availability:** High (due to Denial of Service conditions from stack exhaustion/NPD)
## Remediation
### Patches
Users must update to the following versions or later:
- **JT2Go:** Update to **V2312.0004** or later.
- **Teamcenter Visualization V14.2:** Update to **V14.2.0.12** or later.
- **Teamcenter Visualization V14.3:** Update to **V14.3.0.9** or later.
- **Teamcenter Visualization V2312:** Update to **V2312.0004** or later.
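
To triage an asset inventory against the fixed versions above, the following is an added example (not Siemens tooling and not part of the advisory). It assumes version strings look like `V14.2.0.12` and compare numerically component by component; the function names and the sample inventory rows are constructed for illustration.

```python
import re

# First fixed build per (product, release branch), copied from the patch list above.
# JT2Go has no branch: the advisory lists all versions below V2312.0004 as affected.
FIXED = {
    ("JT2Go", None): "V2312.0004",
    ("Teamcenter Visualization", "14.2"): "V14.2.0.12",
    ("Teamcenter Visualization", "14.3"): "V14.3.0.9",
    ("Teamcenter Visualization", "2312"): "V2312.0004",
}

def parse_version(text):
    """'V14.2.0.12' -> (14, 2, 0, 12). Raises ValueError on any other shape."""
    m = re.fullmatch(r"[Vv]?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))

def triage(product, installed):
    """Classify one inventory row as 'vulnerable', 'fixed' or 'not-listed'."""
    have = parse_version(installed)
    for (name, branch), fixed in FIXED.items():
        if name != product:
            continue
        if branch is not None:
            # Only compare inside the same release branch (e.g. 14.2.x vs 14.2.0.12).
            prefix = parse_version(branch)
            if have[:len(prefix)] != prefix:
                continue
        return "vulnerable" if have < parse_version(fixed) else "fixed"
    # Product or branch does not appear in the advisory's affected list.
    return "not-listed"

if __name__ == "__main__":
    # Constructed sample inventory: (host, product, installed version).
    inventory = [
        ("cad-ws-01", "JT2Go", "V2312.0003"),
        ("cad-ws-02", "Teamcenter Visualization", "V14.3.0.9"),
        ("cad-ws-03", "Teamcenter Visualization", "V14.1.0.5"),
        ("cad-ws-04", "Teamcenter Visualization", "unknown"),
    ]
    for host, product, version in inventory:
        try:
            print(host, product, version, triage(product, version))
        except ValueError as err:
            print(host, product, "needs manual review:", err)
```

A `not-listed` result means the branch is absent from the list above, not that it is safe; check those hosts against SSA-771940 directly.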
### Workarounds
- Do not open untrusted X\_T files in Teamcenter Visualization or JT2Go.
- Apply general security recommendations provided by Siemens for protecting network access.
## Detection
- Detection strategies were not explicitly detailed but should focus on monitoring processes executing Teamcenter Visualization or JT2Go attempting to load or parse X\_T files originating from untrusted sources. Anomalous crashes or unexpectedly high resource usage during file loading could be indicators.
## References
- Siemens Advisory: SSA-771940
- Siemens ProductCERT Advisories: hxxps://www.siemens.com/cert/advisories
- Siemens Industrial Security Guidelines: hxxps://www.siemens.com/cert/operational-guidelines-industrial-security