PatchSiren cyber security CVE debrief
CVE-2023-7066 Siemens CVE debrief
CVE-2023-7066 is a high-severity out-of-bounds read vulnerability in Siemens JT2Go and Teamcenter Visualization products, published on 2024-07-09 and last modified on 2024-08-13. The vulnerability exists in the PDF parsing functionality of affected applications, where an out-of-bounds read past the end of an allocated structure can occur when processing specially crafted PDF files. This memory safety defect could allow an attacker to execute arbitrary code within the context of the current process. The CVSS 3.1 score of 7.8 reflects high impacts to confidentiality, integrity, and availability, with a local attack vector requiring user interaction to open a malicious file. The vulnerability affects five product variants: JT2Go, Teamcenter Visualization V14.1, V14.2, V14.3, and V2312. Siemens has released patched versions for all affected products, and CISA has published coordinated guidance without adding this issue to the Known Exploited Vulnerabilities catalog.
- Vendor
- Siemens
- Product
- JT2Go
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-07-09
- Original CVE updated
- 2024-08-13
- Advisory published
- 2024-07-09
- Advisory updated
- 2024-08-13
Who should care
Organizations using Siemens JT2Go or Teamcenter Visualization for CAD data exchange and visualization in engineering, manufacturing, and industrial environments. Security teams in OT/ICS environments where these applications may process externally sourced PDF documentation. Asset owners should prioritize patching due to the high CVSS score and potential for code execution through a common file format.
Technical summary
The vulnerability stems from improper bounds checking during PDF structure parsing in Siemens visualization applications. When a specially crafted PDF file is opened, the parser may read beyond allocated memory boundaries, potentially corrupting process state and enabling arbitrary code execution. The attack requires local access with user interaction (opening a malicious file), but successful exploitation grants high-impact capabilities within the user process context. The underlying issue appears related to third-party PDF library components, as indicated by Datalogics APDFL release notes referenced in advisory updates.
Defensive priority
high
Recommended defensive actions
- Apply vendor patches: Update JT2Go to V14.3.0.8 or later; update Teamcenter Visualization V14.1 to V14.1.0.14 or later, V14.2 to V14.2.0.10 or later, V14.3 to V14.3.0.8 or later, and V2312 to V2312.0002 or later.
- Implement user awareness training to prevent opening untrusted PDF files in affected applications until patches are deployed.
- Apply defense-in-depth controls for industrial control systems environments per CISA recommended practices.
- Monitor for anomalous process behavior in JT2Go and Teamcenter Visualization applications that may indicate exploitation attempts.
Evidence notes
Vulnerability description and affected products confirmed through CISA CSAF advisory ICSA-24-193-03. Remediation guidance and version specifics sourced from Siemens ProductCERT advisory SSA-722010. CVSS vector and scoring details from CISA CSAF source. Timeline dates per CVE record: published 2024-07-09, modified 2024-08-13.
Official resources
-
CVE-2023-7066 CVE record
CVE.org
-
CVE-2023-7066 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Coordinated disclosure through CISA ICS advisory ICSA-24-193-03 and Siemens ProductCERT SSA-722010.