image credit: Pxhere

Siemens Patches 21 More File Parsing Vulnerabilities in PLM Products

February 11, 2021

The biggest advisory covers 21 security holes affecting JT2Go, a 3D viewing tool for JT data (ISO-standardized 3D data format), and Teamcenter Visualization, which provides organizations visualization solutions for documents, 2D drawings and 3D models. These products are made by Siemens Digital Industries Software, which specializes in product lifecycle management (PLM) solutions.

All of these vulnerabilities are related to how certain types of files are parsed by these products. An attacker can exploit them for arbitrary code execution, data extraction and DoS attacks if they can trick the targeted user into opening a malicious file.

Read More on Security Week