Fortinet's FortiGuard Labs has discovered an out-of-bound read vulnerability in Drawings SDK which are used by Siemens JT2Go and Teamcenter Visualization.
Siemens JT2Go is a 3D JT viewing tool for the field of industrial drawing.
Siemens Teamcenter Visualization is an intuitive and easy-to-use solution that enables enterprise users to access documents, 2D drawings and 3D models in a single environment.
FortiGuard Labs has discovered an out-of-bounds read vulnerability in Drawings SDK which affects Siemens JT2Go and Teamcenter Visualization. The vulnerability is caused by a crafted "DWG" file which causes an out-of-bound read. It could allow malicious users to create code execution scenarios.
SolutionsFortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:
Released Jun 23, 2022
Users should apply the solution provided by Siemens.
Fortinet reported the vulnerability to Siemens on January 11, 2022.
Siemens confirmed the vulnerability on January 21, 2022.
Siemens patched the vulnerability on July 12, 2022.