CVE-2021-44013

7.8 HIGH

📋 TL;DR

This vulnerability allows remote code execution through specially crafted JT files in Siemens JT2Go and Teamcenter Visualization software. Attackers can exploit an out-of-bounds write vulnerability in DL180pdfl.dll to execute arbitrary code with the privileges of the current process. All users of affected versions are at risk.

💻 Affected Systems

Products:
  • Siemens JT2Go
  • Siemens Teamcenter Visualization
Versions: All versions before V13.2.0.5
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the DL180pdfl.dll component when parsing JT files.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing an attacker to install malware, steal data, or pivot to other systems in the network.

🟠 Likely Case

Malicious code execution leading to data theft, ransomware deployment, or system disruption.

🟢 If Mitigated

Limited impact if proper network segmentation and file validation controls prevent malicious JT files from reaching vulnerable systems.

🌐 Internet-Facing: MEDIUM - Requires user interaction to open malicious JT files, but could be delivered via email or web downloads.
🏢 Internal Only: HIGH - Internal users could inadvertently open malicious JT files from compromised sources or phishing campaigns.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open a malicious JT file. No public exploit code is available, but the vulnerability is documented by ZDI.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V13.2.0.5 or later

Vendor Advisory: https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf

Restart Required: Yes

Instructions:

1. Download V13.2.0.5 or later from the Siemens support portal.
2. Install the update following vendor instructions.
3. Restart affected systems.

🔧 Temporary Workarounds

Disable JT file association (Windows)

Prevent JT files from automatically opening in vulnerable applications.

Use the Windows file association settings to change the default program for .jt files.

Application whitelisting (Windows)

Restrict execution of JT2Go and Teamcenter Visualization to trusted locations only.

Configure Windows AppLocker or a similar whitelisting solution.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate vulnerable systems
  • Deploy email/web filtering to block malicious JT files and educate users about the risk

🔍 How to Verify

Check if Vulnerable:

Check software version in Help > About in JT2Go or Teamcenter Visualization

Check Version:

Not applicable - check via application GUI

Verify Fix Applied:

Confirm version is V13.2.0.5 or later in application about dialog

📡 Detection & Monitoring

Log Indicators:

  • Application crashes in JT2Go or Teamcenter Visualization
  • Unusual process creation from these applications

Network Indicators:

  • Downloads of JT files from untrusted sources
  • Outbound connections from these applications to suspicious IPs

SIEM Query:

Process creation where parent process contains 'jt2go' or 'teamcenter' AND child process is suspicious
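
One way to turn the query above into runnable detection logic over process-creation events. This is an added example, not part of the original advisory or of any vendor tooling; the set of "suspicious" children, the Sysmon Event ID 1 field names and the sample events (including the placeholder paths and image names) are assumptions constructed for illustration.

```python
import json
import ntpath

# Substrings from the page's SIEM query, matched against the parent image path.
PARENT_MARKERS = ("jt2go", "teamcenter")

# Assumption: the page does not define "suspicious". Shells and script hosts are
# used here because a CAD file viewer has little reason to start them.
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe",
                       "cscript.exe", "mshta.exe"}

# Constructed sample events (one JSON object per line) using Sysmon Event ID 1
# field names. Install paths and viewer.exe/helper.exe are placeholders.
SAMPLE_EVENTS = r'''
{"UtcTime": "2022-01-10 09:14:02", "ParentImage": "C:\\Windows\\explorer.exe", "Image": "C:\\Program Files\\Siemens\\JT2Go\\viewer.exe"}
{"UtcTime": "2022-01-10 09:14:09", "ParentImage": "C:\\Program Files\\Siemens\\JT2Go\\viewer.exe", "Image": "C:\\Windows\\System32\\cmd.exe"}
{"UtcTime": "2022-01-10 09:20:41", "ParentImage": "C:\\Program Files\\Siemens\\Teamcenter Visualization\\viewer.exe", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShell.EXE"}
{"UtcTime": "2022-01-10 09:21:15", "ParentImage": "C:\\Program Files\\Siemens\\JT2Go\\viewer.exe", "Image": "C:\\Program Files\\Siemens\\JT2Go\\helper.exe"}
not-json: truncated record
{"UtcTime": "2022-01-10 09:30:00", "ParentImage": "C:\\Windows\\explorer.exe", "Image": "C:\\Windows\\System32\\cmd.exe"}
'''


def is_suspicious(event):
    """True when a JT viewer process starts a shell or script host."""
    parent = str(event.get("ParentImage", "")).lower()
    child = ntpath.basename(str(event.get("Image", ""))).lower()
    return any(m in parent for m in PARENT_MARKERS) and child in SUSPICIOUS_CHILDREN


def find_alerts(text):
    """Return (UtcTime, parent, child) for every matching event in the log text."""
    alerts = []
    for line in text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or malformed line: skip rather than abort the scan
        if isinstance(event, dict) and is_suspicious(event):
            alerts.append((event.get("UtcTime"), event["ParentImage"], event["Image"]))
    return alerts


if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_EVENTS):
        print("ALERT", *alert)
```

Matching is case-insensitive on both the parent path and the child image name, so `PowerShell.EXE` is caught, while the viewer's own helper process and a shell started from Explorer are not flagged.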
