VDB
ICSA-21-040-06
ICSA-21-040-06
PUBLISHED
CVSS 7.800000190734863 HIGH
Siemens has released version V13.1.0.2 for JT2Go and Teamcenter Visualization to fix multiple vulnerabilities that could be triggered when the products read files in ASM and PAR file formats. If a user is tricked to opening of a malicious file with the affected products, this could lead to application crash, or potentially arbitrary code execution or data extraction on the target host system. Siemens recommends to update to the latest versions and to limit opening of untrusted files from unknown sources in the affected products.
Risk Scores
CVSS 3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| JT2Go | ||
| Teamcenter Visualization |
Timeline
- May 17, 2021 CVE Published
- May 6, 2025 CVE Updated
References
- https://cert-portal.siemens.com/productcert/csaf/ssa-695540.json advisory
- https://cert-portal.siemens.com/productcert/txt/ssa-695540.txt advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf advisory
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-040-06.json advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-21-040-06 advisory
- https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 url
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices url
- https://www.cisa.gov/topics/industrial-control-systems url
- https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
- https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf url
- https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B url
- https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html fix