OTPulse

Siemens Teamcenter

Plan PatchCVSS 7.8ICS-CERT ICSA-22-132-16May 10, 2022
Siemens
Attack path
Attack VectorLocal
Auth RequiredNone
ComplexityLow
User InteractionRequired
Summary

Siemens Teamcenter is affected by two vulnerabilities: an XML External Entity Injection (XXE, CVE-2022-29801) and a stack-based buffer overflow (CVE-2022-24290). The XXE vulnerability impacts Teamcenter versions before V13.1. Both vulnerabilities allow a local attacker to achieve arbitrary code execution. Siemens has released patches for all affected versions: Teamcenter V12.4 (update to 12.4.0.13 or later), V13.0 (update to 13.0.0.9 or later), V13.1 (update to 13.1.0.9 or later), V13.2 (update to 13.2.0.8 or later), V13.3 (update to 13.3.0.3 or later), and V14.0 (update to 14.0.0.2 or later).

What this means
What could happen
An attacker with local access to a Teamcenter workstation could execute arbitrary code through a buffer overflow or XXE injection, potentially compromising engineering data or interrupting design and manufacturing planning workflows. Depending on how Teamcenter is integrated with production systems, this could indirectly impact manufacturing operations.
Who's at risk
Organizations using Siemens Teamcenter for product lifecycle management, design engineering, and manufacturing planning are affected. This includes design teams, manufacturing engineering departments, and any operations that rely on Teamcenter for managing product data and workflows. Affected versions span V12.4 through V14.0.
How it could be exploited
An attacker with local access to a Teamcenter workstation could trigger a stack-based buffer overflow or supply a malicious XML file to exploit XXE. Both require user interaction or local presence on the host machine running Teamcenter. The attacker could then execute code with the privileges of the Teamcenter application user.
Prerequisites
  • Local access to a Teamcenter workstation or server
  • User interaction to open a malicious file or trigger the buffer overflow (for XXE in versions before V13.1)
  • Vulnerable Teamcenter version installed
Local access required (limits remote risk)User interaction required for exploitationAffects multiple product versionsStack-based buffer overflow (CWE-121) can lead to code execution
Exploitability
Unlikely to be exploited — EPSS score 0.7%
Affected products (6)
6 with fix
ProductAffected VersionsFix Status
Teamcenter V12.4<V12.4.0.1312.4.0.13
Teamcenter V13.0<V13.0.0.913.0.0.9
Teamcenter V13.1All versions13.1.0.9
Teamcenter V13.2<V13.2.0.813.2.0.8
Teamcenter V13.3<V13.3.0.313.3.0.3
Teamcenter V14.0<V14.0.0.214.0.0.2
Remediation & Mitigation
0/8
Do now
0/1
HARDENINGRestrict local access to Teamcenter hosts to trusted personnel only
Schedule — requires maintenance window
0/6

Patching may require device reboot — plan for process interruption

Teamcenter V12.4
HOTFIXUpdate Teamcenter V12.4 to version 12.4.0.13 or later
Teamcenter V13.0
HOTFIXUpdate Teamcenter V13.0 to version 13.0.0.9 or later
Teamcenter V13.1
HOTFIXUpdate Teamcenter V13.1 to version 13.1.0.9 or later
Teamcenter V13.2
HOTFIXUpdate Teamcenter V13.2 to version 13.2.0.8 or later
Teamcenter V13.3
HOTFIXUpdate Teamcenter V13.3 to version 13.3.0.3 or later
Teamcenter V14.0
HOTFIXUpdate Teamcenter V14.0 to version 14.0.0.2 or later
Long-term hardening
0/1
HARDENINGIsolate Teamcenter network from the business network and the Internet using firewalls
View full CISA ICS-CERT advisory
API: /api/v1/advisories/31b329a1-05ac-47a6-9f37-9ec7c9c773f4

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.

Siemens Teamcenter | CVSS 7.8 - OTPulse