Full Report
Teamcenter Visualization and JT2Go are affected by multiple file parsing vulnerabilities that could be triggered when the application reads malicious CGM or XML files. If a user is tricked into opening a malicious file with the affected products, the application could crash, or the flaw could potentially lead to arbitrary code execution. Siemens has released new versions of the affected products and recommends updating to the latest versions.
Analysis Summary
# Vulnerability: Multiple File Parsing Flaws in Siemens Teamcenter Visualization and JT2Go
## CVE Details
- CVE ID: CVE-2024-34085, CVE-2024-34086
- CVSS Score: 7.8 (CVSS v3.1 High) / 7.3 (CVSS v4.0 High)
- CWE: CWE-121 (CVE-2024-34085: Stack-based Buffer Overflow), CWE-787 (CVE-2024-34086: Out-of-bounds Write)
## Affected Systems
- Products: JT2Go, Teamcenter Visualization
- Versions:
  - **JT2Go:** All versions < V2312.0001
  - **Teamcenter Visualization V14.1:** All versions < V14.1.0.13
  - **Teamcenter Visualization V14.2:** All versions < V14.2.0.10
  - **Teamcenter Visualization V14.3:** All versions < V14.3.0.7
  - **Teamcenter Visualization V2312:** All versions < V2312.0001
- Configurations: Triggered when the application parses a specially crafted (malicious) file.
## Vulnerability Description
Two distinct file parsing vulnerabilities exist within Siemens Teamcenter Visualization and JT2Go:
1. **CVE-2024-34085 (XML Parsing):** A stack-based buffer overflow occurs when parsing specially crafted XML files.
2. **CVE-2024-34086 (CGM Parsing):** An out-of-bounds write vulnerability occurs when parsing specially crafted CGM files.
Successful exploitation of either flaw could allow an attacker to execute arbitrary code in the context of the user running the vulnerable application process.
## Exploitation
- Status: The advisory does not state whether the flaws have been exploited in the wild; the code execution potential it describes implies exploitability.
- Complexity: Low (CVSS v3.1 Attack Complexity 'AC:L' indicates low complexity, though the CVSS v4.0 assessment suggests High)
- Attack Vector: Local (AV:L) - Requires a user to open the malicious file.
## Impact
- Confidentiality: High
- Integrity: High
- Availability: High (due to potential crash or full code execution control)
## Remediation
### Patches
Customers must update to the following versions or later:
* **JT2Go:** Update to V2312.0001 or later.
* **Teamcenter Visualization V14.1:** Update to V14.1.0.13 or later.
* **Teamcenter Visualization V14.2:** Update to V14.2.0.10 or later.
* **Teamcenter Visualization V14.3:** Update to V14.3.0.7 or later.
* **Teamcenter Visualization V2312:** Update to V2312.0001 or later.
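
A triage check that runs a software inventory against the fixed versions listed above. This is an added example, not part of the Siemens advisory; the host names and inventory rows are constructed, and version strings are assumed to use the dotted form shown in the advisory.

```python
import re

# First fixed versions, taken from the Patches list above.
JT2GO_FIXED = (2312, 1)                       # V2312.0001
TCVIS_FIXED = {                               # release line -> first fixed version
    (14, 1): (14, 1, 0, 13),
    (14, 2): (14, 2, 0, 10),
    (14, 3): (14, 3, 0, 7),
    (2312,): (2312, 1),
}

def parse_version(text):
    """'V14.1.0.13' -> (14, 1, 0, 13); 'V2312.0001' -> (2312, 1)."""
    m = re.fullmatch(r"\s*[Vv]?(\d+(?:\.\d+)*)\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))

def status(product, version_text):
    """Return 'affected', 'fixed' or 'not listed' for one installation."""
    v = parse_version(version_text)
    name = product.strip().lower()
    if name == "jt2go":
        # The advisory lists every JT2Go version below V2312.0001 as affected.
        return "affected" if v < JT2GO_FIXED else "fixed"
    if name == "teamcenter visualization":
        for line, fixed in TCVIS_FIXED.items():
            if v[:len(line)] == line:         # match the release line first
                return "affected" if v < fixed else "fixed"
    return "not listed"                       # not covered by the lists above

def triage(rows):
    """rows: (host, product, version) -> rows with a status column appended."""
    return [(h, p, ver, status(p, ver)) for h, p, ver in rows]

# Constructed sample inventory (hypothetical hosts).
INVENTORY = [
    ("eng-ws-01", "JT2Go", "V14.3.0.5"),
    ("eng-ws-02", "Teamcenter Visualization", "V14.2.0.10"),
    ("eng-ws-03", "Teamcenter Visualization", "V2312.0000"),
    ("eng-ws-04", "Teamcenter Visualization", "V13.3.0.1"),
]

if __name__ == "__main__":
    for row in triage(INVENTORY):
        print("{:<10} {:<26} {:<12} {}".format(*row))
```

Installations reported as "not listed" fall outside the release lines named in the lists above and need to be checked against the vendor advisory directly.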
### Workarounds
* **CVE-2024-34085 Mitigation:** Do not open untrusted XML files in affected applications.
* **CVE-2024-34086 Mitigation:** Do not open untrusted CGM files in affected applications.
* Implement general security strengthening measures, including restricting network access and following Siemens' operational guidelines for Industrial Security.
## Detection
- **Indicators of Compromise:** Observation of unexpected application termination (crashes) during file open operations, or suspicious process activity spawned by Teamcenter Visualization or JT2Go.
- **Detection Methods and Tools:** Standard Endpoint Detection and Response (EDR) or application monitoring might flag unusual memory operations (stack overflows, out-of-bounds writes) related to these executables when processing untrusted files.
## References
- Vendor Advisories: SSA-661579
- Relevant links (defanged):
  - Siemens Cert Portal Advisory: cert-portal.siemens.com/productcert/html/ssa-661579.html
  - Siemens Industrial Security Guidelines: www.siemens.com/cert/operational-guidelines-industrial-security