← Back to home
SIEMENS-SSA-365397  ·  Published 2021-08-10  ·  View on Siemens ProductCERT ↗

SSA-365397 V1.0: Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.2.0.1

CVSS N/A MEDIUM

Risk Summary

<p>Siemens has released version V13.2.0.1 for JT2Go and Teamcenter Visualization to fix multiple vulnerabilities that could be triggered when the products read files in different file formats (CGM, DGN, DXF, and DWG). If a user is tricked to open a malicious file with the affected products, this could lead the application to crash or potentially arbitrary code execution.</p> <p>Siemens recommends to update to the latest versions and to limit opening of untrusted files from unknown sources in the affected products.</p> <p>Note:</p> <ul> <li>This advisory also covers security vulnerabilities recently disclosed by Open Design Alliance [0]</li> </ul> <p>[0] <a href="https://www.opendesign.com/security-advisories">https://www.opendesign.com/security-advisories</a></p>

Remediations

  • Refer to Siemens ProductCERT advisory for patch and remediation guidance.

Affected Vendors

Siemens

Affected Products (1)

Siemens · SSA-365397 V1.0: Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.2.0.1 See advisory

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more