Tens of Vulnerabilities in Siemens PLM Products Allow Code Execution
Siemens this week informed customers that some of its product development solutions are affected by a total of nearly two dozen vulnerabilities that can be exploited for arbitrary code execution using malicious files.
Siemens and CISA have published one advisory for 18 vulnerabilities affecting Siemens JT2Go, a 3D viewing tool for JT data, and Teamcenter Visualization, which provides organizations with visualization solutions for documents, 2D drawings and 3D models.
A second advisory was published for six vulnerabilities affecting Siemens Solid Edge, a solution that provides software tools for 3D design, simulation and manufacturing.
The vast majority of the vulnerabilities are high-severity issues that can result in arbitrary code execution in the context of the targeted process.
The code execution flaws are related to improper validation of user-supplied data when parsing certain types of files, which leads to a memory corruption vulnerability.
The second advisory informs customers of a high-severity code execution vulnerability in Operator Terminal Expert and Pro-face BLUE products.