CVE-2021-44018 – A memory corruption vulnerability in Siemens JT... (How to Fix)

Q: What is the severity of CVE-2021-44018?

CVE-2021-44018 has a CVSS score of 7.8 (HIGH). A memory corruption vulnerability in Siemens JT2Go, Solid Edge, and Teamcenter Visualization products allows attackers to execute arbitrary code by tricking users into opening malicious PAR files. This affects users of these specific Siemens engineering software products running vulnerable versions. Successful exploitation could lead to complete system compromise.

📋 TL;DR

A memory corruption vulnerability in Siemens JT2Go, Solid Edge, and Teamcenter Visualization products allows attackers to execute arbitrary code by tricking users into opening malicious PAR files. This affects users of these specific Siemens engineering software products running vulnerable versions. Successful exploitation could lead to complete system compromise.

💻 Affected Systems

Products:

JT2Go
Solid Edge SE2021
Solid Edge SE2022
Teamcenter Visualization V13.1
Teamcenter Visualization V13.2
Teamcenter Visualization V13.3

Versions: All versions before JT2Go V13.2.0.7, Solid Edge SE2021 before SE2021MP9, Solid Edge SE2022 before SE2022MP1, Teamcenter Visualization V13.1 before V13.1.0.9, V13.2 before V13.2.0.7, V13.3 before V13.3.0.1

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability exists in plmxmlAdapterSE70.dll library when parsing PAR files; requires user to open malicious file.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with the privileges of the current user, potentially leading to full system compromise, data theft, or lateral movement within the network.

🟠

Likely Case

Local user tricked into opening malicious PAR file leads to code execution in their context, potentially compromising their workstation and credentials.

🟢

If Mitigated

Limited to user-level access if proper application sandboxing and least privilege principles are implemented.

🌐 Internet-Facing: MEDIUM - Requires user interaction (opening malicious file) but could be delivered via email or web downloads.

🏢 Internal Only: HIGH - Engineering environments often have elevated privileges and sensitive data; successful exploitation could lead to significant internal compromise.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires user interaction (opening malicious PAR file); no public exploit available but vulnerability is well-documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: JT2Go V13.2.0.7, Solid Edge SE2021 MP9, Solid Edge SE2022 MP1, Teamcenter Visualization V13.1.0.9, V13.2.0.7, V13.3.0.1

Vendor Advisory: https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf

Restart Required: Yes

Instructions:

1. Download appropriate patch from Siemens support portal. 2. Close all affected applications. 3. Install the update. 4. Restart system. 5. Verify version is updated.

🔧 Temporary Workarounds

Block PAR file execution

windows

Prevent execution of PAR files via application control or file blocking

Using Windows AppLocker or similar: Create rule to block *.par files

User awareness training

all

Train users not to open PAR files from untrusted sources

🧯 If You Can't Patch

Implement application whitelisting to prevent unauthorized code execution
Restrict user privileges to limit potential damage from exploitation

🔍 How to Verify

Check if Vulnerable:

Check installed version of affected Siemens software against vulnerable version ranges

Check Version:

Check Help > About in each application or use Windows Programs and Features

Verify Fix Applied:

Verify software version matches or exceeds patched versions listed in fix_official section

📡 Detection & Monitoring

Log Indicators:

Application crashes when opening PAR files
Unexpected process creation from Siemens applications

Network Indicators:

Downloads of PAR files from untrusted sources
Outbound connections from Siemens applications to unusual destinations

SIEM Query:

Process creation where parent process contains 'jt2go' or 'solid edge' and child process is suspicious

📊 Metadata

CVE ID: CVE-2021-44018

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-125

Published: February 9, 2022

Last Updated: November 21, 2024

🔗 References

https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf Patch,Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-340/ Third Party Advisory,VDB Entry
https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf Patch,Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-340/ Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-44018, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Jt2go by Siemens

Solid Edge by Siemens

Solid Edge by Siemens

Solid Edge by Siemens

Solid Edge by Siemens

Solid Edge by Siemens

Solid Edge by Siemens

Solid Edge by Siemens

Solid Edge by Siemens

Solid Edge by Siemens

Solid Edge by Siemens

Teamcenter Visualization by Siemens

Teamcenter Visualization by Siemens

Teamcenter Visualization by Siemens

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Block PAR file execution

User awareness training

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities