Siemens Teamcenter Active Workspace
Monitor | 6.1 | ICS-CERT ICSA-21-194-11 | Jul 13, 2021
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
Siemens Teamcenter Active Workspace versions before 4.3.9, 5.0.7, and 5.1.4 contain multiple vulnerabilities: information disclosure (CWE-200) allowing unauthorized access to sensitive data, reflected cross-site scripting (CWE-79) that can be used to steal user sessions and credentials when users click malicious links, and information exposure in error messages (CWE-209). An attacker could craft a link or file that, when opened by a logged-in user, executes JavaScript in that user's browser context to harvest session tokens or project data, or could obtain sensitive information from error responses.
What this means
What could happen
An attacker could view sensitive information stored in Teamcenter Active Workspace or inject malicious scripts that execute when other users view crafted content, potentially stealing credentials or session data.
Who's at risk
Manufacturing and engineering organizations that use Siemens Teamcenter Active Workspace to manage product lifecycle data, CAD files, and project documentation. This impacts design engineers, project managers, and anyone accessing the system to view or modify engineering data and design specifications.
How it could be exploited
An attacker sends a user a link containing malicious script or convinces them to open an untrusted file in Teamcenter Active Workspace. The application reflects the script in the user's browser without sanitizing input, allowing the attacker to steal session tokens or sensitive project data visible to that user.
Prerequisites
- User must click on attacker-provided link or open untrusted file in Teamcenter Active Workspace
- User must be logged into Teamcenter Active Workspace with valid credentials
- Teamcenter Active Workspace must be network-accessible to the attacker or user
- Requires user interaction (clicking link or opening file)
- Low attack complexity
- Information disclosure (sensitive data exposure)
- Vendor patches available
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (3)
3 with fix
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| Teamcenter Active Workspace V4 | <V4.3.9 | 4.3.9 |
| Teamcenter Active Workspace V5.0 | <V5.0.7 | 5.0.7 |
| Teamcenter Active Workspace V5.1 | <V5.1.4 | 5.1.4 |
Remediation & Mitigation
Do now
WORKAROUND: Educate users to avoid opening untrusted files and clicking suspicious links in Teamcenter Active Workspace
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
Teamcenter Active Workspace V4
HOTFIX: Update Teamcenter Active Workspace V4 to version 4.3.9 or later
Teamcenter Active Workspace V5.0
HOTFIX: Update Teamcenter Active Workspace V5.0 to version 5.0.7 or later
Teamcenter Active Workspace V5.1
HOTFIX: Update Teamcenter Active Workspace V5.1 to version 5.1.4 or later
Long-term hardening
HARDENING: Restrict network access to Teamcenter Active Workspace—do not expose it directly to the Internet; use firewall rules to limit access to authorized engineering networks only
HARDENING: Require VPN or secured remote access methods for any off-site access to Teamcenter Active Workspace