CVE-2021-34330

7.8 HIGH

📋 TL;DR

This vulnerability allows remote code execution via specially crafted JT files in Siemens JT2Go and Teamcenter Visualization software. Attackers can exploit improper validation in the Jt981.dll library to execute arbitrary code with the privileges of the current user. All versions before V13.2 of both applications are affected.

💻 Affected Systems

Products:
  • Siemens JT2Go
  • Siemens Teamcenter Visualization
Versions: All versions before V13.2
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the Jt981.dll library used by both applications when parsing JT files.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with attacker gaining the same privileges as the user running the vulnerable application, potentially leading to data theft, lateral movement, or ransomware deployment.

🟠 Likely Case

Local user compromise through social engineering (opening malicious JT files), resulting in data exfiltration or malware installation.

🟢 If Mitigated

Limited impact with proper application sandboxing and user privilege restrictions, potentially only affecting the application process.

🌐 Internet-Facing: MEDIUM - While the vulnerability requires user interaction to open malicious files, these applications are commonly used in engineering environments that may process files from external sources.
🏢 Internal Only: HIGH - Internal users frequently exchange JT files in engineering workflows, making social engineering attacks highly plausible within organizations.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open malicious JT files. The vulnerability is a use-after-free (CWE-416) that can lead to arbitrary code execution.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V13.2 or later

Vendor Advisory: https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf

Restart Required: Yes

Instructions:

1. Download and install JT2Go V13.2 or later from Siemens support portal.
2. Download and install Teamcenter Visualization V13.2 or later from Siemens support portal.
3. Restart affected systems after installation.

🔧 Temporary Workarounds

Restrict JT file handling

Platform: Windows

Configure systems to open JT files only in patched applications or use alternative viewers

Use Windows Group Policy to modify file associations for .jt files

Application sandboxing

Platform: Windows

Run vulnerable applications with reduced privileges using application control solutions

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate systems running vulnerable software
  • Deploy application whitelisting to prevent execution of unauthorized code

🔍 How to Verify

Check if Vulnerable:

Check application version in Help > About menu. Versions below V13.2 are vulnerable.

Check Version:

For JT2Go: Check Help > About. For Teamcenter Visualization: Check Help > About.

Verify Fix Applied:

Verify installed version is V13.2 or later in Help > About menu.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when processing JT files
  • Unusual process creation from JT2Go or Teamcenter Visualization processes

Network Indicators:

  • Unexpected outbound connections from engineering workstations after JT file processing

SIEM Query:

Process creation where parent_process contains 'jt2go.exe' or 'visview.exe' and process_name not in approved_list
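
The SIEM query above, written out as runnable detection logic over process-creation events (an added example, not part of the original advisory). Field names follow Sysmon Event ID 1; the approved list, the treatment of WerFault.exe as the crash indicator, and all paths and host names in the sample events are constructed assumptions.

```python
import ntpath

# Parent process names taken from the SIEM query on this page.
VIEWER_PARENTS = {"jt2go.exe", "visview.exe"}
# Assumption: placeholder allow-list; build the real one from your own baseline.
APPROVED_CHILDREN = {"splwow64.exe"}
# Assumption: a WerFault.exe child is treated as the "application crash" indicator.
CRASH_HANDLERS = {"werfault.exe"}


def image_name(path):
    """Lower-cased file name of a Windows image path (quotes and case ignored)."""
    return ntpath.basename((path or "").strip().strip('"')).lower()


def triage(events, approved=APPROVED_CHILDREN):
    """Return (reason, event) pairs for children spawned by a JT viewer."""
    findings = []
    for ev in events:
        if image_name(ev.get("ParentImage")) not in VIEWER_PARENTS:
            continue
        child = image_name(ev.get("Image"))
        if child in CRASH_HANDLERS:
            findings.append(("viewer_crash", ev))
        elif child not in approved:
            # A missing or empty image name is flagged, not silently passed.
            findings.append(("unapproved_child", ev))
    return findings


# Constructed sample events; paths and host names are illustrative only.
SAMPLE_EVENTS = [
    {"Host": "ENG-WS-01", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Apps\JT2Go\jt2go.exe"},
    {"Host": "ENG-WS-01", "ParentImage": r"C:\Apps\JT2Go\JT2Go.exe",
     "Image": r"C:\Windows\System32\cmd.exe"},
    {"Host": "ENG-WS-02", "ParentImage": r'"C:\Apps\TcVis\VisView.exe"',
     "Image": r"C:\Windows\System32\WerFault.exe"},
    {"Host": "ENG-WS-02", "ParentImage": r"C:\Apps\TcVis\visview.exe",
     "Image": r"C:\Windows\splwow64.exe"},
    {"Host": "ENG-WS-03", "ParentImage": r"C:\Apps\TcVis\visview.exe",
     "Image": None},
]

if __name__ == "__main__":
    for reason, ev in triage(SAMPLE_EVENTS):
        print(reason, ev["Host"], ev["ParentImage"], "->", ev["Image"])
```

Matching on the normalized file name rather than the raw string keeps the rule from missing events where the path is quoted or differs in case.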
