A vulnerability was found in Siemens Teamcenter. It has been classified as critical. This affects some unknown processing of the component Java EE Server Manager HTML Adaptor. The manipulation with an unknown input leads to a hard-coded credentials vulnerability. CWE is classifying the issue as CWE-798. The product contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:

A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9), Teamcenter V13.1 (All versions < V13.1.0.9), Teamcenter V13.2 (All versions), Teamcenter V13.3 (All versions < V13.3.0.3), Teamcenter V14.0 (All versions). Java EE Server Manager HTML Adaptor in Teamcenter consists of default hardcoded credentials. Access to the application allows a user to perform a series of actions that could potentially lead to remote code execution with elevated permissions.

The weakness was published 06/14/2022 as ssa-220589. It is possible to read the advisory at cert-portal.siemens.com. This vulnerability is uniquely identified as CVE-2022-31619 since 05/25/2022. The technical details are unknown and an exploit is not publicly available. The attack technique deployed by this issue is T1110.001 according to MITRE ATT&CK.

Upgrading to version 12.4.0.13, 13.0.0.9, 13.1.0.9, 13.3.0.3 or 14.0 eliminates this vulnerability.

Productinfo

Vendor

• Siemens

Name

• Teamcenter

License

• commercial

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion