CVE-2024-26275
📋 TL;DR
This vulnerability allows remote code execution through specially crafted X_T files in Siemens JT2Go, Parasolid, and Teamcenter Visualization software. An attacker could execute arbitrary code in the context of the current process by exploiting an out-of-bounds read vulnerability. Organizations using affected versions of these Siemens CAD/visualization products are at risk.
💻 Affected Systems
- JT2Go
- Parasolid V35.1
- Parasolid V36.0
- Parasolid V36.1
- Teamcenter Visualization V14.2
- Teamcenter Visualization V14.3
- Teamcenter Visualization V2312
📦 What is this software?
JT2Go by Siemens
Parasolid by Siemens
Teamcenter Visualization by Siemens
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with attacker gaining the same privileges as the user running the vulnerable application, potentially leading to data theft, lateral movement, or ransomware deployment.
Likely Case
Local privilege escalation or arbitrary code execution on systems where users open malicious X_T files, potentially leading to data exfiltration or persistence establishment.
If Mitigated
Limited impact with proper application sandboxing, file validation, and user privilege restrictions preventing system-wide compromise.
🎯 Exploit Status
Exploitation requires user interaction to open a malicious X_T file. No public exploit code is currently available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version:
- JT2Go: V2312.0004
- Parasolid V35.1: V35.1.254
- Parasolid V36.0: V36.0.207
- Parasolid V36.1: V36.1.147
- Teamcenter Visualization V14.2: V14.2.0.12
- Teamcenter Visualization V14.3: V14.3.0.9
- Teamcenter Visualization V2312: V2312.0004
Vendor Advisory: https://cert-portal.siemens.com/productcert/html/ssa-222019.html
Restart Required: Yes
Instructions:
1. Download the latest version from the Siemens support portal.
2. Back up the current installation.
3. Run the installer with administrative privileges.
4. Restart the system after installation completes.
🔧 Temporary Workarounds
Restrict X_T file processing
Block or restrict processing of X_T files through application policies or file type restrictions
Application sandboxing
Run vulnerable applications in isolated environments or with reduced privileges
🧯 If You Can't Patch
- Implement strict file validation for X_T files before opening
- Use application allowlisting to prevent unauthorized software execution
🔍 How to Verify
Check if Vulnerable:
Check the installed version against affected version ranges in the application's About or Help menu
Check Version:
Application-specific: Typically found in Help > About or via Windows/Linux package manager queries
Verify Fix Applied:
Verify the installed version matches or exceeds the patched version numbers listed in the fix section
📡 Detection & Monitoring
Log Indicators:
- Application crashes when processing X_T files
- Unusual process creation from CAD applications
- Failed file parsing attempts
Network Indicators:
- Unexpected outbound connections from CAD applications
- File downloads of X_T files from untrusted sources
SIEM Query:
Process creation events where the image is jt2go.exe, parasolid.exe, or a Teamcenter Visualization executable, followed within a short time window by network connections, file writes, or child process creation from the same process