SIEMENS-SSA-622830 · Published 2021-05-17 · View on Siemens ProductCERT ↗

SSA-622830 V1.2 (Last Update: 2021-05-17): Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.1.0

CVSS 8.8 HIGH

Risk Summary

Siemens has released version V13.1.0 for JT2Go and Teamcenter Visualization to fix multiple vulnerabilities that could be triggered when the products read files in different file formats (JT, XML, CG4, CGM, PDF, RGB, SGI, TGA, PAR, PCX). If a user is tricked to opening of a malicious file with the affected products, this could lead to application crash, or potentially arbitrary code execution or data extraction on the target host system. Siemens recommends to update to the latest versions and to limit opening of untrusted files from unknown sources in the affected products. Please refer to SSA-663999 [0] and SSA-695540 [1] for further information regarding later version updates. Note: Previous versions of this advisory also contained the vulnerabilities CVE-2020-26989, CVE-2020-26990, and CVE-2020-28383 (now addressed in [0]) and CVE-2020-26991 (now addressed in [1]). [0] <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf">https://cert-porta

CVEs (4)

CVE-2020-26989 CVE-2020-26990 CVE-2020-28383 CVE-2020-26991

Remediations

Refer to Siemens ProductCERT advisory for patch and remediation guidance.

Affected Vendors

Siemens

Affected Products (1)

Siemens · SSA-622830 V1.2 (Last Update: 2021-05-17): Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.1.0 See advisory

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more