CVE-2024-41902 Siemens CVE debrief

Who should care

Organizations using Siemens JT2Go for 3D visualization in engineering, manufacturing, or industrial environments should prioritize patching. Security teams in OT/ICS environments should assess exposure and apply mitigations where patching is delayed.

Technical summary

CVE-2024-41902 is a stack-based buffer overflow vulnerability in Siemens JT2Go, a visualization application for 3D JT data. The flaw exists in the PDF parsing component and can be triggered when the application processes a maliciously crafted PDF file. Successful exploitation results in arbitrary code execution within the context of the current process. The vulnerability has a CVSS 3.1 score of 7.8 (HIGH) with a local attack vector, low attack complexity, no privileges required, and user interaction required. Siemens has released version V2406.0003 to remediate this issue. CISA published advisory ICSA-24-284-07 on October 8, 2024, with an update on May 6, 2025.

Defensive priority

HIGH

Recommended defensive actions

• Update Siemens JT2Go to version V2406.0003 or later to address the vulnerability
• If immediate patching is not feasible, remove PDFJTExtractor.exe from the installation directory as a temporary mitigation
• Implement user training to avoid opening untrusted PDF files in affected applications
• Apply defense-in-depth strategies for industrial control systems environments per CISA guidance
• Monitor for suspicious PDF file handling activity in JT2Go deployments

Evidence notes

Vulnerability details sourced from CISA CSAF advisory ICSA-24-284-07 and Siemens security advisory SSA-626178. CVSS 3.1 vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H confirms local attack vector with high impact on confidentiality, integrity, and availability.

Official resources