CVE-2021-34306: 
Siemens JT2Go vulnerability analysis and mitigation

CVE-2021-34306 is a memory corruption vulnerability affecting Siemens JT2Go software. The vulnerability was discovered in the BMP_Loader.dll library when parsing BMP files, and was disclosed on July 13, 2021. The issue affects all versions of JT2Go prior to v13.2 and Teamcenter Visualization prior to v13.2 (CISA Advisory).

The vulnerability exists due to improper validation of user-supplied data when parsing BMP files in the BMP_Loader.dll library, which can result in a memory corruption condition. It has been assigned a CVSS v3 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high severity (ZDI Advisory).

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code in the context of the current process. The vulnerability requires user interaction, specifically opening a malicious file, to be exploited (ZDI Advisory).

Siemens has released updates to address this vulnerability. Users should update to JT2Go v13.2 or Teamcenter Visualization v13.2. As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms and following their Operational Guidelines for Industrial Security (CISA Advisory).