Siemens Teamcenter Active Workspace
Monitor | 6.8 | ICS-CERT ICSA-21-350-18 | Dec 14, 2021
Attack Vector: Network
Auth Required: High
Complexity: Low
User Interaction: Required
Summary
A zip path traversal vulnerability in Teamcenter Active Workspace allows an attacker with high privileges and user interaction to extract files to arbitrary locations on the server. By crafting a malicious ZIP file with path traversal sequences (CWE-22), an attacker could bypass file validation, write files to system directories, and execute arbitrary code. This affects Teamcenter Active Workspace versions 4.3 (before 4.3.11), 5.0 (before 5.0.10), 5.1 (before 5.1.6), and 5.2 (before 5.2.3).
What this means
What could happen
An attacker with high privileges and user interaction could upload a malicious ZIP file that exploits path traversal to write files anywhere on the Teamcenter server, potentially executing arbitrary code and compromising the entire system. This could disrupt product lifecycle management operations and allow access to sensitive design and manufacturing data.
Who's at risk
This affects any organization using Siemens Teamcenter Active Workspace for product design, engineering data management, and manufacturing planning. Primary users include automotive, aerospace, industrial equipment, and heavy manufacturing companies where design teams and engineering workstations interact with the Teamcenter server.
How it could be exploited
An attacker with administrative or engineering credentials must trick an authorized user into uploading a specially crafted ZIP file containing path traversal sequences (e.g., ../) through the Teamcenter Active Workspace interface. The file extraction process does not properly validate paths, allowing the attacker to write files to system directories and achieve remote code execution on the server.
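The missing path validation described above, seen from the defender's side, as an added example (not code from Siemens or from this advisory): a Python check that rejects a ZIP upload when any entry would resolve outside the extraction directory. The function names and the sample archive are constructed for illustration.

```python
import io
import os
import tempfile
import zipfile


def unsafe_entries(zf, dest_dir):
    """Return names of entries that would land outside dest_dir if extracted."""
    root = os.path.realpath(dest_dir)
    bad = []
    for info in zf.infolist():
        # Treat backslashes as separators so Windows-style names are caught.
        name = info.filename.replace("\\", "/")
        # Absolute paths and drive letters never belong in an uploaded archive.
        absolute = name.startswith("/") or name[1:2] == ":"
        target = os.path.realpath(os.path.join(root, name))
        # The resolved target must stay inside the extraction root.
        if absolute or os.path.commonpath([root, target]) != root:
            bad.append(info.filename)
    return bad


def safe_extract(data, dest_dir):
    """Extract ZIP bytes into dest_dir only if every entry stays inside it."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        bad = unsafe_entries(zf, dest_dir)
        if bad:
            raise ValueError(f"rejected archive, entries escape target: {bad}")
        zf.extractall(dest_dir)


def build_zip(entries):
    """Build a constructed sample archive in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample: one normal entry and one traversal entry.
    evil = build_zip({"models/part.txt": b"ok", "../../outside.txt": b"x"})
    with tempfile.TemporaryDirectory() as d:
        try:
            safe_extract(evil, d)
        except ValueError as exc:
            print(exc)
```

The whole archive is rejected before anything is written, so a single bad entry cannot leave a partially extracted upload behind.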
Prerequisites
- Valid administrative or high-privilege Teamcenter credentials
- Network access to the Teamcenter Active Workspace web interface
- Ability to socially engineer an authorized user into uploading a malicious ZIP file
- Remotely exploitable
- Requires high privileges and user interaction
- Low complexity attack
- ZIP path traversal is a well-known attack class
- No public exploits yet
- Affects engineering/design data systems
Exploitability
Low exploit probability (EPSS 0.8%)
Affected products (4)
4 with fix
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| Teamcenter Active Workspace V4.3 | <V4.3.11 | 4.3.11 |
| Teamcenter Active Workspace V5.0 | <V5.0.10 | 5.0.10 |
| Teamcenter Active Workspace V5.1 | <V5.1.6 | 5.1.6 |
| Teamcenter Active Workspace V5.2 | <V5.2.3 | 5.2.3 |
Remediation & Mitigation
Do now
- HARDENING: Restrict network access to Teamcenter Active Workspace to authorized engineering workstations only using firewall rules; do not expose to the Internet or untrusted networks
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update Teamcenter Active Workspace to patched versions: v4.3.11, v5.0.10, v5.1.6, or v5.2.3 or later
- HARDENING: Harden the application host to prevent unauthorized local access
Long-term hardening
- HARDENING: Isolate Teamcenter network from business network using a DMZ or air-gapped engineering network
CVEs (1)