Full Report
Siemens Teamcenter Visualization and JT2Go are affected by multiple file parsing vulnerabilities that can be triggered when the application reads malicious CGM files. If a user is tricked into opening a malicious CGM file with one of the affected products, the application could crash or, potentially, execute arbitrary code. Siemens has released new versions for the affected products and recommends updating to the latest versions.
Analysis Summary
# Vulnerability: Multiple File Parsing Flaws in Siemens JT2Go and Teamcenter Visualization
## CVE Details
- **CVE ID:** CVE-2023-51439, CVE-2023-51744, CVE-2023-51745, CVE-2023-51746
- **CVSS Score:** Up to 7.8 (High)
- **CWE:**
  - CWE-125: Out-of-bounds Read
  - CWE-476: NULL Pointer Dereference
  - CWE-121: Stack-based Buffer Overflow
## Affected Systems
- **Products:**
  - JT2Go
  - Teamcenter Visualization (V13.3, V14.1, V14.2, V14.3)
- **Versions:**
  - JT2Go: All versions < V14.3.0.6
  - Teamcenter Visualization V13.3: All versions < V13.3.0.13
  - Teamcenter Visualization V14.1: All versions < V14.1.0.12
  - Teamcenter Visualization V14.2: All versions < V14.2.0.9
  - Teamcenter Visualization V14.3: All versions < V14.3.0.6
- **Configurations:** Systems where users open Computer Graphics Metafile (CGM) files from untrusted sources.
## Vulnerability Description
The affected applications contain multiple memory safety vulnerabilities within their CGM file parsing logic. Specifically:
- **Stack-based Buffer Overflows (CVE-2023-51745, CVE-2023-51746):** Improper validation of data length when copying to the stack.
- **Out-of-bounds Read (CVE-2023-51439):** Reading past the end of an allocated structure.
- **NULL Pointer Dereference (CVE-2023-51744):** Attempting to read from a null pointer, typically resulting in a crash.
## Exploitation
- **Status:** Proof-of-concept code reported available (CVSS temporal metric "Exploit Code Maturity: Functional/Proof-of-Concept").
- **Complexity:** Low
- **Attack Vector:** Local (requires user interaction to open a malicious file).
## Impact
- **Confidentiality:** High (potential for information disclosure, which could also help bypass exploit mitigations).
- **Integrity:** High (Potential for arbitrary code execution).
- **Availability:** High (Application crash/Denial of Service).
## Remediation
### Patches
Siemens recommends updating to the following versions or later:
- **JT2Go:** V14.3.0.6
- **Teamcenter Visualization V13.3:** V13.3.0.13
- **Teamcenter Visualization V14.1:** V14.1.0.12
- **Teamcenter Visualization V14.2:** V14.2.0.9
- **Teamcenter Visualization V14.3:** V14.3.0.6
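Because the fix is branch-specific for Teamcenter Visualization but a single release for JT2Go, a naive "is it older than 14.3.0.6" check misclassifies hosts. The following triage helper is an added example (not Siemens' code) that encodes the fixed versions listed above and flags branches the advisory does not name as "not listed" rather than "fixed"; the host inventory at the bottom is constructed sample data.

```python
import re

# Fixed versions from Siemens advisory SSA-794653 as quoted on this page.
# Teamcenter Visualization is patched per release branch (major.minor);
# JT2Go has a single fixed release that applies to all earlier versions.
TCVIS_FIXED = {
    (13, 3): (13, 3, 0, 13),
    (14, 1): (14, 1, 0, 12),
    (14, 2): (14, 2, 0, 9),
    (14, 3): (14, 3, 0, 6),
}
JT2GO_FIXED = (14, 3, 0, 6)

def parse_version(text):
    """Turn 'V14.3.0.2' or '14.3.0.2' into a 4-tuple of ints (missing parts are 0)."""
    m = re.fullmatch(r"[Vv]?(\d+(?:\.\d+){0,3})", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def assess(product, version_text):
    """Return ('vulnerable' | 'fixed' | 'not_listed', fixed_version_or_None).

    'not_listed' means the installed branch is not named in the advisory, so
    nothing can be concluded from this page alone (it is not a clean bill of health).
    """
    v = parse_version(version_text)
    if product == "JT2Go":
        fixed = JT2GO_FIXED
    elif product == "Teamcenter Visualization":
        fixed = TCVIS_FIXED.get(v[:2])
        if fixed is None:
            return "not_listed", None
    else:
        raise ValueError(f"product not covered by this advisory: {product!r}")
    # Tuple comparison is numeric per component, so 14.3.0.10 sorts above 14.3.0.6.
    status = "vulnerable" if v < fixed else "fixed"
    return status, "V" + ".".join(map(str, fixed))

if __name__ == "__main__":
    # Constructed sample inventory (not real hosts), e.g. from a software asset export.
    inventory = [
        ("host-a", "JT2Go", "V14.2.0.5"),
        ("host-b", "Teamcenter Visualization", "V14.3.0.6"),
        ("host-c", "Teamcenter Visualization", "V14.0.0.3"),
    ]
    for host, product, ver in inventory:
        status, fixed = assess(product, ver)
        print(f"{host}: {product} {ver} -> {status}" + (f" (fixed in {fixed})" if fixed else ""))
```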
### Workarounds
- **Strict File Handling:** Do not open untrusted or suspicious CGM files.
- **Environment Hardening:** Follow Siemens' operational guidelines for Industrial Security to protect the IT environment.
## Detection
- **Indicators of Compromise:** Unexpected application crashes (Access Violations) when opening CGM files.
- **Detection methods:** File integrity monitoring for unauthorized changes to application binaries and network-level inspection for the delivery of malicious CGM attachments.
## References
- **Vendor Advisory:** hxxps://cert-portal.siemens[.]com/productcert/html/ssa-794653.html
- **Product Support:** hxxps://support.sw.siemens[.]com/
- **Industrial Security Guidelines:** hxxps://www.siemens[.]com/cert/operational-guidelines-industrial-security