Full Report
Siemens Teamcenter Visualization and JT2Go are affected by stack buffer overflow and null pointer dereference vulnerabilities that could be triggered while parsing XML files. If a user is tricked into opening a malicious XML file with any of the affected products, this could cause the application to crash or potentially lead to arbitrary code execution. Siemens has released new versions of the affected products and recommends updating to the latest versions.
Analysis Summary
# Vulnerability: XML File Parsing Vulnerabilities in Siemens Teamcenter Visualization and JT2Go
## CVE Details
- **CVE ID:** CVE-2024-37996, CVE-2024-37997
- **CVSS Score:**
  - CVE-2024-37997: 7.8 (High) - CVSS v3.1
  - CVE-2024-37996: 3.3 (Low) - CVSS v3.1
- **CWE:**
  - CWE-121: Stack-based Buffer Overflow (CVE-2024-37997)
  - CWE-476: NULL Pointer Dereference (CVE-2024-37996)
## Affected Systems
- **Products:**
  - JT2Go
  - Teamcenter Visualization (V14.2, V14.3, V2312, V2406)
- **Versions:**
  - JT2Go: All versions < V2406.0003
  - Teamcenter Visualization V14.2: All versions < V14.2.0.13
  - Teamcenter Visualization V14.3: All versions < V14.3.0.11
  - Teamcenter Visualization V2312: All versions < V2312.0008
  - Teamcenter Visualization V2406: All versions < V2406.0003
- **Configurations:** Systems where users open XML files from untrusted sources.
## Vulnerability Description
The affected applications contain flaws in how they parse XML files.
- **CVE-2024-37997:** A stack-based buffer overflow exists that can be triggered by a specially crafted XML file. If processed, this can overwrite memory on the program stack.
- **CVE-2024-37996:** A NULL pointer dereference occurs during the parsing of malicious XML files, leading to an illegal memory access.
## Exploitation
- **Status:** Not exploited (No widespread in-the-wild exploitation or public PoC mentioned in advisory).
- **Complexity:** Low (Technical execution is straightforward if the user opens the file).
- **Attack Vector:** Local (Requires a user to manually open a malicious file; User Interaction is Required).
## Impact
- **Confidentiality:** High (Potential for arbitrary code execution to steal data).
- **Integrity:** High (Potential to modify system files via code execution).
- **Availability:** High (Application crash or total system compromise).
## Remediation
### Patches
Siemens recommends updating to the following versions or later:
- **JT2Go:** V2406.0003
- **Teamcenter Visualization V14.2:** V14.2.0.13
- **Teamcenter Visualization V14.3:** V14.3.0.11
- **Teamcenter Visualization V2312:** V2312.0008
- **Teamcenter Visualization V2406:** V2406.0003
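
The fixed-version list above, turned into an inventory check. This is an added example, not Siemens code: the host names and inventory rows are constructed, and it assumes version strings use the advisory's `V…` form and compare numerically component by component.

```python
import re

# Fixed versions copied from the Patches list above.
JT2GO_FIXED = "V2406.0003"
TCVIS_FIXED = {            # keyed by Teamcenter Visualization release line
    "V14.2": "V14.2.0.13",
    "V14.3": "V14.3.0.11",
    "V2312": "V2312.0008",
    "V2406": "V2406.0003",
}

def parse(version):
    """'V2312.0008' -> (2312, 8); 'V14.2.0.13' -> (14, 2, 0, 13)."""
    m = re.fullmatch(r"V(\d+(?:\.\d+)*)", version.strip().upper())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in m.group(1).split("."))

def status(product, version):
    """Return 'vulnerable', 'fixed', or 'unknown' (not covered by the list)."""
    installed = parse(version)
    if product == "JT2Go":
        fixed = JT2GO_FIXED            # all versions below this are affected
    elif product == "Teamcenter Visualization":
        norm = version.strip().upper()
        line = next((l for l in TCVIS_FIXED if norm.startswith(l + ".")), None)
        if line is None:               # release line the page does not list
            return "unknown"
        fixed = TCVIS_FIXED[line]
    else:
        return "unknown"
    return "vulnerable" if installed < parse(fixed) else "fixed"

# Constructed inventory rows: (host, product, installed version).
INVENTORY = [
    ("eng-ws-01", "JT2Go", "V2406.0002"),
    ("eng-ws-02", "JT2Go", "V2406.0003"),
    ("eng-ws-03", "Teamcenter Visualization", "V14.2.0.12"),
    ("eng-ws-04", "Teamcenter Visualization", "V2312.0008"),
    ("eng-ws-05", "Teamcenter Visualization", "V14.1.0.9"),
]

def triage(inventory):
    """Map each host to its status so vulnerable installs can be queued for update."""
    return {host: status(product, ver) for host, product, ver in inventory}

if __name__ == "__main__":
    for host, result in triage(INVENTORY).items():
        print(f"{host}: {result}")
```

An `unknown` result means the installed release line is not in the list above and needs to be checked against the Siemens advisory directly.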
### Workarounds
- **Avoid untrusted files:** Do not open XML files from unknown or untrusted sources.
- **Apply General Isolation:** Follow Siemens' operational guidelines for Industrial Security to protect the IT environment.
## Detection
- **Indicators of Compromise:** Unexpected application crashes (hanging or termination) specifically when opening XML-based project data or configurations.
- **Detection methods:** Monitor for unusual child processes spawning from `JT2Go.exe` or Teamcenter Visualization binaries.
## References
- **Siemens Security Advisory:** hxxps://cert-portal.siemens[.]com/productcert/html/ssa-959281.html
- **JT2Go Product Page:** hxxps://plm.sw.siemens[.]com/en-US/plm-components/jt/jt2go/
- **Siemens Support Portal:** hxxps://support.sw.siemens[.]com/product/229029598/