Siemens Teamcenter
Plan Patch7.8ICS-CERT ICSA-22-132-16May 10, 2022
Attack VectorLocal
Auth RequiredNone
ComplexityLow
User InteractionRequired
Summary
Siemens Teamcenter is affected by two vulnerabilities: an XML External Entity Injection (XXE, CVE-2022-29801) and a stack-based buffer overflow (CVE-2022-24290). The XXE vulnerability impacts Teamcenter versions before V13.1. Both vulnerabilities allow a local attacker to achieve arbitrary code execution. Siemens has released patches for all affected versions: Teamcenter V12.4 (update to 12.4.0.13 or later), V13.0 (update to 13.0.0.9 or later), V13.1 (update to 13.1.0.9 or later), V13.2 (update to 13.2.0.8 or later), V13.3 (update to 13.3.0.3 or later), and V14.0 (update to 14.0.0.2 or later).
What this means
What could happen
An attacker with local access to a Teamcenter workstation could execute arbitrary code through a buffer overflow or XXE injection, potentially compromising engineering data or interrupting design and manufacturing planning workflows. Depending on how Teamcenter is integrated with production systems, this could indirectly impact manufacturing operations.
Who's at risk
Organizations using Siemens Teamcenter for product lifecycle management, design engineering, and manufacturing planning are affected. This includes design teams, manufacturing engineering departments, and any operations that rely on Teamcenter for managing product data and workflows. Affected versions span V12.4 through V14.0.
How it could be exploited
An attacker with local access to a Teamcenter workstation could trigger a stack-based buffer overflow or supply a malicious XML file to exploit XXE. Both require user interaction or local presence on the host machine running Teamcenter. The attacker could then execute code with the privileges of the Teamcenter application user.
Prerequisites
- Local access to a Teamcenter workstation or server
- User interaction to open a malicious file or trigger the buffer overflow (for XXE in versions before V13.1)
- Vulnerable Teamcenter version installed
Local access required (limits remote risk)User interaction required for exploitationAffects multiple product versionsStack-based buffer overflow (CWE-121) can lead to code execution
Exploitability
Low exploit probability (EPSS 0.7%)
Affected products (6)
6 with fix
ProductAffected VersionsFix Status
Teamcenter V12.4<V12.4.0.1312.4.0.13
Teamcenter V13.0<V13.0.0.913.0.0.9
Teamcenter V13.1All versions13.1.0.9
Teamcenter V13.2<V13.2.0.813.2.0.8
Teamcenter V13.3<V13.3.0.313.3.0.3
Teamcenter V14.0<V14.0.0.214.0.0.2
Remediation & Mitigation
0/8
Do now
0/1HARDENINGRestrict local access to Teamcenter hosts to trusted personnel only
Schedule — requires maintenance window
0/6Patching may require device reboot — plan for process interruption
Teamcenter V12.4
HOTFIXUpdate Teamcenter V12.4 to version 12.4.0.13 or later
Teamcenter V13.0
HOTFIXUpdate Teamcenter V13.0 to version 13.0.0.9 or later
Teamcenter V13.1
HOTFIXUpdate Teamcenter V13.1 to version 13.1.0.9 or later
Teamcenter V13.2
HOTFIXUpdate Teamcenter V13.2 to version 13.2.0.8 or later
Teamcenter V13.3
HOTFIXUpdate Teamcenter V13.3 to version 13.3.0.3 or later
Teamcenter V14.0
HOTFIXUpdate Teamcenter V14.0 to version 14.0.0.2 or later
Long-term hardening
0/1HARDENINGIsolate Teamcenter network from the business network and the Internet using firewalls
CVEs (2)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/31b329a1-05ac-47a6-9f37-9ec7c9c773f4