Full Report
Teamcenter Visualization and JT2Go are affected by out-of-bounds read and null pointer dereference vulnerabilities that could be triggered when the application reads files in X_T format. If a user is tricked into opening a malicious file with the affected applications, an attacker could leverage the vulnerability to perform remote code execution in the context of the current process. Siemens has released new versions of the affected products and recommends updating to the latest versions.
Analysis Summary
# Vulnerability: X\_T File Parsing Vulnerabilities in Teamcenter Visualization and JT2Go
## CVE Details
- CVE ID: CVE-2024-32635, CVE-2024-32636, CVE-2024-32637
- CVSS Score: 7.8 (CVSS v3.1) / 7.3 (CVSS v4.0) (High for CVE-2024-32635/636; Medium for CVE-2024-32637)
- CWE: CWE-125 (Out-of-bounds Read), CWE-476 (NULL Pointer Dereference)
## Affected Systems
- Products: JT2Go, Teamcenter Visualization (V14.2, V14.3, V2312)
- Versions:
  - JT2Go: All versions < V2312.0005
  - Teamcenter Visualization V14.2: All versions < V14.2.0.12
  - Teamcenter Visualization V14.3: All versions < V14.3.0.10
  - Teamcenter Visualization V2312: All versions < V2312.0005
- Configurations: Triggered when the application reads files in X\_T format.
## Vulnerability Description
Multiple vulnerabilities exist due to improper handling of specially crafted X\_T files:
1. **CVE-2024-32635 & CVE-2024-32636 (Out-of-bounds Read):** Parsing malicious X\_T files can lead to an out-of-bounds read past the end of an allocated structure. This can potentially lead to Remote Code Execution (RCE) in the context of the current process if exploited successfully.
2. **CVE-2024-32637 (Null Pointer Dereference):** Parsing malicious X\_T files can cause a null pointer dereference, leading to an application crash (Denial of Service).
## Exploitation
- Status: Not explicitly stated as exploited in the wild, but assumed to be high risk because of the RCE potential. A PoC equivalent is implied by the nature of the vulnerability.
- Complexity: Low/Medium (Implied by CVSS vectors: Attack Vector is Local (AV:L) for all, requiring user interaction (UI:R)).
- Attack Vector: Local (AV:L). Exploitation requires a user to be tricked into opening the malicious file locally within the application context.
## Impact
- Confidentiality: High (For CVE-2024-32635/636 via RCE)
- Integrity: High (For CVE-2024-32635/636 via RCE)
- Availability: Low/Medium (For CVE-2024-32637 via DoS)
## Remediation
### Patches
The user must update to the versions listed below or later:
- **JT2Go:** Update to V2312.0005 or later.
- **Teamcenter Visualization V14.2:** Update to V14.2.0.12 or later.
- **Teamcenter Visualization V14.3:** Update to V14.3.0.10 or later.
- **Teamcenter Visualization V2312:** Update to V2312.0005 or later.
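
The fixed-version thresholds above can be applied to a software inventory as a branch-aware check. This is an added example, not Siemens tooling: it assumes installed versions are reported in the same `V…` form the advisory uses, and the hostnames and installed versions are constructed. Each Teamcenter Visualization install is compared only against the fix for its own release branch (V14.3.0.10 is fixed even though it sorts below V2312.0005), and a branch that is not in the list above is reported as `unlisted` for manual review.

```python
import re

# Fixed versions per release branch, copied from the patch list above.
# JT2Go has no branch split: every version below the fix is affected.
FIXED = {
    "JT2Go": {"": "V2312.0005"},
    "Teamcenter Visualization": {
        "V14.2": "V14.2.0.12",
        "V14.3": "V14.3.0.10",
        "V2312": "V2312.0005",
    },
}

def parse_version(text):
    """'V14.2.0.12' -> (14, 2, 0, 12); 'V2312.0005' -> (2312, 5)."""
    m = re.fullmatch(r"[Vv]?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))

def assess(product, installed):
    """Return 'affected', 'fixed', or 'unlisted' (branch not in the advisory)."""
    ver = parse_version(installed)
    for branch, fixed in FIXED.get(product, {}).items():
        prefix = parse_version(branch) if branch else ()
        # Compare only against the fix for the installed release branch.
        if ver[:len(prefix)] == prefix:
            return "affected" if ver < parse_version(fixed) else "fixed"
    return "unlisted"

def hosts_to_update(inventory):
    """inventory: iterable of (host, product, version) -> affected hosts."""
    return [h for h, p, v in inventory if assess(p, v) == "affected"]

# Constructed sample inventory (hostnames and installed versions are made up).
SAMPLE_INVENTORY = [
    ("cad-ws-01", "JT2Go", "V2312.0004"),
    ("cad-ws-02", "JT2Go", "V2312.0005"),
    ("cad-ws-03", "Teamcenter Visualization", "V14.3.0.10"),
    ("cad-ws-04", "Teamcenter Visualization", "V14.2.0.11"),
    ("cad-ws-05", "Teamcenter Visualization", "V14.1.0.3"),
]

if __name__ == "__main__":
    for host, product, version in SAMPLE_INVENTORY:
        print(f"{host:10} {product:25} {version:12} {assess(product, version)}")
    print("update:", hosts_to_update(SAMPLE_INVENTORY))
```
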
### Workarounds
- **Primary Workaround for all CVEs:** Do not open untrusted X\_T files in affected applications.
- Follow general security recommendations provided by Siemens, including protecting network access to devices.
## Detection
- Indicators of Compromise: Attempts to read or process X\_T files from untrusted sources, application crashes (especially during file parsing), or unexpected process behavior linked to file opening events.
- Detection methods and tools: Monitor application execution contexts for crashes or unexpected memory access patterns when processing X\_T files.
## References
- Vendor Advisories: Siemens Security Advisory SSA-856475
- Relevant links (defanged):
  - hxxps://cert-portal.siemens.com/productcert/html/ssa-856475.html
  - hxxps://www.siemens.com/cert/operational-guidelines-industrial-security