CVE-2021-44014: 
Siemens JT2Go vulnerability analysis and mitigation

A use-after-free vulnerability has been identified in JT Open (All versions < V11.1.1.0), JT Utilities (All versions < V13.1.1.0), and Solid Edge (All versions < V2023). The vulnerability exists in the Jt1001.dll component and can be triggered while parsing specially crafted JT files (Siemens Advisory, ZDI Advisory).

The vulnerability is classified as a use-after-free (CWE-416) issue that occurs within the parsing of JT files. The specific flaw exists due to the lack of validating the existence of an object prior to performing operations on the object. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High) with the vector string: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (CISA Advisory, ZDI Advisory).

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code in the context of the current process. This could potentially lead to full system compromise if the affected application is running with elevated privileges (ZDI Advisory).

Siemens recommends updating to the following versions: JT Open to V11.1.1.0 or later, JT Utilities to V13.1.1.0 or later, and Solid Edge to V2023 or later. As a general security measure, Siemens strongly recommends protecting network access with appropriate mechanisms and following their operational guidelines for industrial security (Siemens Advisory).