ICSA-21-222-01 — Vulnetix

ICSA-21-222-01 PUBLISHED CVSS 7.800000190734863 HIGH

Siemens has released version V13.2.0.1 for JT2Go and Teamcenter Visualization to fix multiple vulnerabilities that could be triggered when the products read files in different file formats (CGM, DGN, DXF, and DWG). If a user is tricked to open a malicious file with the affected products, this could lead the application to crash or potentially arbitrary code execution. Siemens recommends to update to the latest versions and to limit opening of untrusted files from unknown sources in the affected products. Note: - This advisory also covers security vulnerabilities recently disclosed by Open Design Alliance [0] [0] https://www.opendesign.com/security-advisories

Risk Scores

CVSS v3.1

7.800000190734863

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Affected Products

Vendor	Product	Versions
	JT2Go
	Teamcenter Visualization

Timeline

Aug 10, 2021 CVE Published
May 6, 2025 CVE Updated

References

https://cert-portal.siemens.com/productcert/csaf/ssa-365397.json advisory
https://cert-portal.siemens.com/productcert/txt/ssa-365397.txt advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf advisory
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-222-01.json advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-21-222-01 advisory
https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 url
https://www.cisa.gov/resources-tools/resources/ics-recommended-practices url
https://www.cisa.gov/topics/industrial-control-systems url
https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf url
https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B url
https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html fix

Open in Interactive Console →