CVE-2023-28830

7.8 HIGH

📋 TL;DR

A use-after-free vulnerability in Siemens JT2Go, Solid Edge, and Teamcenter Visualization applications allows remote code execution when parsing malicious ASM files. Attackers can execute arbitrary code with the privileges of the current process. Users of affected versions of these CAD/visualization software products are at risk.

💻 Affected Systems

Products:
  • JT2Go
  • Solid Edge SE2022
  • Solid Edge SE2023
  • Teamcenter Visualization V13.2
  • Teamcenter Visualization V13.3
  • Teamcenter Visualization V14.1
  • Teamcenter Visualization V14.2
Versions: JT2Go < V14.2.0.5, Solid Edge SE2022 < V222.0 Update 13, Solid Edge SE2023 < V223.0 Update 4, Teamcenter Visualization V13.2 < V13.2.0.15, V13.3 < V13.3.0.11, V14.1 < V14.1.0.11, V14.2 < V14.2.0.5
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of affected versions are vulnerable when processing ASM files.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise via remote code execution leading to data theft, ransomware deployment, or lateral movement within the network.

🟠 Likely Case

Local privilege escalation or application compromise leading to data exfiltration from CAD files and system manipulation.

🟢 If Mitigated

Limited impact with proper network segmentation, application sandboxing, and user privilege restrictions.

🌐 Internet-Facing: MEDIUM - Requires user interaction to open malicious files, but could be delivered via email or web downloads.
🏢 Internal Only: HIGH - CAD files are commonly shared internally; an attacker with internal access could easily exploit this.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open a malicious ASM file. No public exploit code is currently available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version:
  • JT2Go: V14.2.0.5
  • Solid Edge SE2022: V222.0 Update 13
  • Solid Edge SE2023: V223.0 Update 4
  • Teamcenter Visualization V13.2: V13.2.0.15
  • Teamcenter Visualization V13.3: V13.3.0.11
  • Teamcenter Visualization V14.1: V14.1.0.11
  • Teamcenter Visualization V14.2: V14.2.0.5

Vendor Advisory: https://cert-portal.siemens.com/productcert/pdf/ssa-131450.pdf

Restart Required: Yes

Instructions:

  1. Download the latest version from Siemens support portal.
  2. Install the update following vendor instructions.
  3. Restart the system.
  4. Verify the patch is applied.

🔧 Temporary Workarounds

Restrict ASM file handling

Platform: Windows

Block or restrict processing of ASM files through application settings or group policy.

Application sandboxing

Platform: Windows

Run affected applications in isolated environments or with reduced privileges.

🧯 If You Can't Patch

  • Implement strict file validation for ASM files before opening
  • Use network segmentation to isolate CAD workstations from critical systems

🔍 How to Verify

Check if Vulnerable:

Check application version in Help > About or program properties against affected version ranges.

Check Version:

For Windows: Check program version in Control Panel > Programs and Features or application's About dialog.

Verify Fix Applied:

Confirm installed version matches or exceeds patched versions listed in vendor advisory.
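
The version comparison described above, written out as an added example (not Siemens tooling and not part of the original page). It assumes installed versions are recorded in the same form this page writes them ("V14.2.0.5", "V222.0 Update 13"); the function names and inventory rows are constructed for illustration.

```python
import re

# Fix levels copied from the "Official Fix" list on this page.
JT2GO_FIX = (14, 2, 0, 5)
TCVIS_FIX = {  # Teamcenter Visualization: one fix level per release branch
    (13, 2): (13, 2, 0, 15),
    (13, 3): (13, 3, 0, 11),
    (14, 1): (14, 1, 0, 11),
    (14, 2): (14, 2, 0, 5),
}
SOLID_EDGE_FIX = {"Solid Edge SE2022": ("222.0", 13),
                  "Solid Edge SE2023": ("223.0", 4)}

def dotted(text):
    """Parse 'V14.2.0.10' into (14, 2, 0, 10) so parts compare numerically."""
    match = re.fullmatch(r"[Vv]?(\d+(?:\.\d+)*)", text.strip())
    return tuple(int(p) for p in match.group(1).split(".")) if match else None

def patch_status(product, version):
    """Return 'vulnerable', 'fixed', or 'unknown' (not covered by this page)."""
    if product in SOLID_EDGE_FIX:
        base, fixed_update = SOLID_EDGE_FIX[product]
        match = re.fullmatch(r"[Vv]?(\d+\.\d+)(?:\s+Update\s+(\d+))?", version.strip())
        if not match or match.group(1) != base:
            return "unknown"
        return "fixed" if int(match.group(2) or 0) >= fixed_update else "vulnerable"
    parsed = dotted(version)
    if parsed is None:
        return "unknown"
    if product == "JT2Go":
        return "fixed" if parsed >= JT2GO_FIX else "vulnerable"
    if product == "Teamcenter Visualization":
        fix = TCVIS_FIX.get(parsed[:2])
        if fix is None:  # release branch not listed on this page
            return "unknown"
        return "fixed" if parsed >= fix else "vulnerable"
    return "unknown"

# Constructed inventory rows (host, product, version); not real systems.
INVENTORY = [
    ("cad-ws-01", "JT2Go", "V14.2.0.10"),
    ("cad-ws-02", "Teamcenter Visualization", "13.3.0.9"),
    ("cad-ws-03", "Solid Edge SE2023", "V223.0 Update 4"),
    ("cad-ws-04", "Solid Edge SE2022", "V222.0 Update 12"),
]

def needs_patch(inventory):
    """Hosts whose installed version is below the fix level for its product."""
    return [h for h, p, v in inventory if patch_status(p, v) == "vulnerable"]
```

Versions are compared as integer tuples because a plain string comparison would rank "14.2.0.10" below "14.2.0.5" and misreport a patched host as vulnerable.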

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when opening ASM files
  • Unexpected process creation from CAD applications
  • File access to suspicious ASM files

Network Indicators:

  • Downloads of ASM files from untrusted sources
  • Outbound connections from CAD applications to unknown IPs

SIEM Query:

Process creation events from jt2go.exe or solid edge executables followed by network connections or file writes
