PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-34085 Siemens CVE debrief

CVE-2024-34085 is a stack overflow vulnerability in Siemens JT2Go and Teamcenter Visualization products, published on 2024-05-14. The vulnerability exists in the XML parsing functionality of affected applications, where specially crafted XML files can trigger a stack overflow condition. This local attack vector requires user interaction to open a malicious file, but successful exploitation could result in arbitrary code execution with the privileges of the current process. The CVSS 3.1 score of 7.8 (HIGH) reflects significant confidentiality, integrity, and availability impacts. Siemens has released patched versions for all affected product lines, and CISA has issued advisory ICSA-24-137-03 coordinating public disclosure.

Vendor: Siemens
Product: JT2Go
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-05-14
Original CVE updated: 2024-05-14
Advisory published: 2024-05-14
Advisory updated: 2024-05-14

Who should care

This debrief matters to organizations that use Siemens JT2Go for JT file viewing or Teamcenter Visualization for product lifecycle management in engineering and manufacturing environments. It is particularly relevant for OT/ICS environments where these tools are deployed on engineering workstations with access to critical design data. Security teams responsible for software supply chain and vendor risk management should prioritize patching, given the high impact potential and the availability of public fixes.

Technical summary

The vulnerability stems from insufficient input validation during XML file parsing in Siemens visualization applications. When a specially crafted XML file is opened, excessive nesting or malformed structure triggers stack exhaustion, potentially overwriting return addresses and enabling arbitrary code execution. The attack requires local access with user interaction (opening a malicious file), but no privileges are needed to trigger the vulnerability. The affected codebase appears shared across the JT2Go and Teamcenter Visualization product families, as evidenced by coordinated patching across all versions.

Defensive priority

HIGH

Recommended defensive actions

  • Apply vendor patches: Update JT2Go to V2312.0001 or later; update Teamcenter Visualization V14.1 to V14.1.0.13 or later, V14.2 to V14.2.0.10 or later, V14.3 to V14.3.0.7 or later, and V2312 to V2312.0001 or later
  • Implement user awareness training to prevent opening of untrusted XML files in affected applications
  • Consider application whitelisting and least-privilege execution to limit impact of potential exploitation
  • Monitor for suspicious XML file handling in engineering workstations running affected Siemens products
  • Review and apply CISA ICS recommended practices for defense-in-depth strategies in OT environments
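
To act on the patch guidance above, the following added example (not Siemens or CISA code) triages a software inventory against the fixed versions listed in the first bullet. It assumes installed versions are reported in the same "V14.1.0.13" form the advisory uses; the hostnames and installed versions in the sample inventory are constructed.

```python
import re

# Fixed releases exactly as listed in the debrief's recommended actions.
JT2GO_FIXED = (2312, 1)                      # V2312.0001
TCVIS_FIXED = {                              # release line -> first fixed build
    (14, 1): (14, 1, 0, 13),                 # V14.1.0.13
    (14, 2): (14, 2, 0, 10),                 # V14.2.0.10
    (14, 3): (14, 3, 0, 7),                  # V14.3.0.7
    (2312,): (2312, 1),                      # V2312.0001
}

def parse_version(text):
    """Turn 'V14.1.0.13' or 'V2312.0001' into a comparable tuple of ints."""
    m = re.fullmatch(r"[Vv]?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))

def assess(product, version):
    """Return 'patched', 'vulnerable', 'review' or 'out-of-scope'."""
    name = product.strip().lower()
    v = parse_version(version)
    if name == "jt2go":
        # Assumption: any JT2Go build below V2312.0001 is treated as affected.
        return "patched" if v >= JT2GO_FIXED else "vulnerable"
    if name == "teamcenter visualization":
        for line, fixed in TCVIS_FIXED.items():
            if v[:len(line)] == line:
                return "patched" if v >= fixed else "vulnerable"
        # Release line not named in the debrief: check the vendor advisory by hand.
        return "review"
    return "out-of-scope"

def triage(inventory):
    """List (host, product, version, status) rows that still need action."""
    findings = []
    for host, product, version in inventory:
        status = assess(product, version)
        if status in ("vulnerable", "review"):
            findings.append((host, product, version, status))
    return findings

# Constructed sample inventory (hostnames and installed versions are made up).
SAMPLE_INVENTORY = [
    ("eng-ws-01", "JT2Go", "V14.3.0.6"),
    ("eng-ws-02", "JT2Go", "V2312.0001"),
    ("eng-ws-03", "Teamcenter Visualization", "V14.1.0.12"),
    ("eng-ws-04", "Teamcenter Visualization", "V14.3.0.7"),
    ("eng-ws-05", "Teamcenter Visualization", "V13.3.0.1"),
]
```

Rows returned with status "review" are on a release line the debrief does not name and need a manual check against Siemens advisory SSA-661579.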

Evidence notes

Vulnerability details sourced from CISA CSAF advisory ICSA-24-137-03 and Siemens security advisory SSA-661579. Affected products confirmed through CSAF product tree with five distinct product identifiers. CVSS vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H indicates local attack vector with user interaction required but high impact upon successful exploitation.
