

Rewterz Threat Update – Triangulation Spyware Campaign Exploits a Fourth Vulnerability
January 10, 2024
Rewterz Threat Alert – LockBit Ransomware – Active IOCs
January 10, 2024
Severity
Medium
Analysis Summary
CVE-2023-51439 CVSS:7.8
Siemens Teamcenter Visualization and JT2Go could allow a remote attacker to execute arbitrary code on the system because of an out-of-bounds read. By persuading a victim to open a specially crafted CGM file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-51744 CVSS:3.3
Siemens JT2Go and Teamcenter Visualization are vulnerable to a denial of service caused by a null pointer dereference while parsing specially crafted CGM files. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2023-51745 CVSS:7.8
Siemens Teamcenter Visualization and JT2Go could allow a remote attacker to execute arbitrary code on the system because of a stack-based overflow vulnerability. By persuading a victim to open a specially crafted CGM file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-51746 CVSS:7.8
Siemens Teamcenter Visualization and JT2Go could allow a remote attacker to execute arbitrary code on the system because of a stack-based overflow vulnerability. By persuading a victim to open a specially crafted CGM file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Denial of Service
- Code Execution
Indicators Of Compromise
CVE
- CVE-2023-51439
- CVE-2023-51744
- CVE-2023-51745
- CVE-2023-51746
Affected Vendors
Siemens
Affected Products
- Siemens Teamcenter Visualization 13.3.0.12
- Siemens Teamcenter Visualization 14.1.0.11
- Siemens Teamcenter Visualization 14.2.0.8
- Siemens Teamcenter Visualization 14.3.0.5
Remediation
Refer to the Siemens Security Advisory for patch, upgrade, or suggested workaround information.