ICSA-21-012-03 · Published 2021-05-27 · View on CISA ICS-CERT ↗

Siemens JT2Go and Teamcenter Visualization (Update B)

CVSS 7.8 HIGH

Risk Summary

Successful exploitation of these vulnerabilities could lead to arbitrary code execution.

CVEs (14)

CVE-2020-26980 CVE-2020-26981 CVE-2020-26982 CVE-2020-26983 CVE-2020-26984 CVE-2020-26985 CVE-2020-26986 CVE-2020-26987 CVE-2020-26988 CVE-2020-26992 CVE-2020-26993 CVE-2020-26994 CVE-2020-26995 CVE-2020-26996

Remediations

Siemens recommends the following:
For additional information refer to SSA-622830,SSA-663999,and SSA-695540
Siemens strongly recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens ' operational guidelines for Industrial Security and follow the recommendations in the product manuals.
Additional information on industrial security by Siemens can be found at: https://www.siemens.com/Industrialsecurity

Affected Vendors

Siemens

Affected Products (4)

Siemens · JT2Go < 13.1.0

Siemens · Teamcenter Visualization < 13.1.0

Siemens · JT2Go 13.1.0 (Only affected by CVE-2020-26989 CVE-2020-26990 CVE-2020-26991)

Siemens · Teamcenter Visualization 13.1.0 (Only affected by CVE-2020-26989 CVE-2020-26990 CVE-2020-26991)

Affected Sectors

Critical Manufacturing

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more