Siemens Teamcenter prior 12.4.0.13/13.0.0.9/13.1.0.9/13.3.0.3/14.0 Java EE Server Manager HTML Adaptor hard-coded credentials
CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
7.0 | $0-$5k | 0.00 |
A vulnerability was found in Siemens Teamcenter. It has been classified as critical. This affects some unknown processing of the component Java EE Server Manager HTML Adaptor. The manipulation with an unknown input leads to a hard-coded credentials vulnerability. CWE is classifying the issue as CWE-798. The product contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9), Teamcenter V13.1 (All versions < V13.1.0.9), Teamcenter V13.2 (All versions), Teamcenter V13.3 (All versions < V13.3.0.3), Teamcenter V14.0 (All versions). Java EE Server Manager HTML Adaptor in Teamcenter consists of default hardcoded credentials. Access to the application allows a user to perform a series of actions that could potentially lead to remote code execution with elevated permissions.
The weakness was published 06/14/2022 as ssa-220589. It is possible to read the advisory at cert-portal.siemens.com. This vulnerability is uniquely identified as CVE-2022-31619 since 05/25/2022. The technical details are unknown and an exploit is not publicly available. The attack technique deployed by this issue is T1110.001 according to MITRE ATT&CK.
Upgrading to version 12.4.0.13, 13.0.0.9, 13.1.0.9, 13.3.0.3 or 14.0 eliminates this vulnerability.
Product
Vendor
Name
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.3VulDB Meta Temp Score: 7.0
VulDB Base Score: 7.3
VulDB Temp Score: 7.0
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
AV | AC | Au | C | I | A |
---|---|---|---|---|---|
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Hard-coded credentialsCWE: CWE-798 / CWE-259 / CWE-255
ATT&CK: T1110.001
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: Teamcenter 12.4.0.13/13.0.0.9/13.1.0.9/13.3.0.3/14.0
Timeline
05/25/2022 🔍06/14/2022 🔍
06/14/2022 🔍
06/14/2022 🔍
Sources
Vendor: siemens.comAdvisory: ssa-220589
Status: Confirmed
CVE: CVE-2022-31619 (🔍)
Entry
Created: 06/14/2022 18:57Changes: 06/14/2022 18:57 (40)
Complete: 🔍
No comments yet. Languages: en.
Please log in to comment.