PatchSiren cyber security CVE debrief
CVE-2024-37997 Siemens CVE debrief
A stack-based buffer overflow vulnerability exists in Siemens JT2Go and Teamcenter Visualization products when parsing specially crafted XML files. An attacker can exploit this by convincing a user to open a malicious XML file, resulting in arbitrary code execution within the context of the current process. The vulnerability was disclosed on October 8, 2024, and carries a HIGH severity CVSS 3.1 score of 7.8. The attack requires local access and user interaction, but no privileges are required. Siemens has released patched versions for all affected product lines.
- Vendor: Siemens
- Product: JT Open
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-07-09
- Original CVE updated: 2024-07-09
- Advisory published: 2024-07-09
- Advisory updated: 2024-07-09
Who should care
Organizations using Siemens JT2Go or Teamcenter Visualization for CAD data visualization, particularly in industrial and manufacturing environments where these tools process JT (Jupiter Tessellation) files and associated XML metadata. Security teams in OT/ICS environments should prioritize patching due to the potential for code execution in engineering workstations.
Technical summary
The vulnerability exists in the XML parsing functionality of affected Siemens applications. When a specially crafted XML file is opened, insufficient bounds checking leads to a stack-based buffer overflow. This memory corruption condition can be leveraged to execute arbitrary code with the privileges of the user running the application. The attack vector is local, requiring an attacker to deliver a malicious file to a victim and convince them to open it in the vulnerable application.
Defensive priority
HIGH
Recommended defensive actions
- Apply vendor patches: Update JT2Go to V2406.0003 or later; Update Teamcenter Visualization V14.2 to V14.2.0.13 or later; Update Teamcenter Visualization V14.3 to V14.3.0.11 or later; Update Teamcenter Visualization V2312 to V2312.0008 or later; Update Teamcenter Visualization V2406 to V2406.0003 or later
- Implement user training to avoid opening untrusted XML files in affected applications
- Apply defense-in-depth controls for industrial control systems environments per CISA recommended practices
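
To help verify the patch status of engineering workstations, here is an added example (not code from Siemens, CISA or this page's source) that checks an installation inventory against the fixed versions listed above. The inventory format, host names and function names are assumptions, and splitting release lines by the size of the first version component is an assumed heuristic; release lines not listed on this page are reported as unknown rather than guessed.

```python
import re

# Fixed versions as listed in the recommended actions above.
# Key: (product, release line); JT2Go has one fixed version, keyed with None.
FIXED = {
    ("JT2Go", None): "V2406.0003",
    ("Teamcenter Visualization", "V14.2"): "V14.2.0.13",
    ("Teamcenter Visualization", "V14.3"): "V14.3.0.11",
    ("Teamcenter Visualization", "V2312"): "V2312.0008",
    ("Teamcenter Visualization", "V2406"): "V2406.0003",
}

# Constructed sample inventory (hypothetical hosts, not real data).
INVENTORY = [
    ("eng-ws-01", "JT2Go", "V2406.0002"),
    ("eng-ws-02", "Teamcenter Visualization", "V14.3.0.11"),
    ("eng-ws-03", "Teamcenter Visualization", "V14.2.0.9"),
    ("eng-ws-04", "Teamcenter Visualization", "V14.1.0.5"),
]

def parse_version(text):
    """Turn 'V14.2.0.13' or 'v2406.0003' into a comparable tuple of ints."""
    m = re.fullmatch(r"[Vv]?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))

def release_line(version):
    """Release line of a version: 'V14.2' for two-part lines, 'V2312' for four-digit lines."""
    parts = parse_version(version)
    if parts[0] < 100 and len(parts) > 1:
        return f"V{parts[0]}.{parts[1]}"
    return f"V{parts[0]}"

def assess(product, version):
    """Return 'patched', 'vulnerable' or 'unknown' for one installation."""
    key = (product, None) if product == "JT2Go" else (product, release_line(version))
    fixed = FIXED.get(key)
    if fixed is None:
        return "unknown"  # release line not listed on this page; consult the vendor advisory
    return "patched" if parse_version(version) >= parse_version(fixed) else "vulnerable"

def audit(inventory):
    """Map each host to its assessment."""
    return {host: assess(product, version) for host, product, version in inventory}

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```
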
Evidence notes
The vulnerability description and affected products are derived from CISA ICS Advisory ICSA-24-284-03, which references Siemens Security Advisory SSA-959281. The CVSS vector (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) indicates a local attack vector with low complexity and no privilege requirements, but with user interaction required. The source was last modified on 2025-05-06 to fix typos.
Official resources
- CVE-2024-37997 CVE record (CVE.org)
- CVE-2024-37997 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
2024-10-08