Siemens Teamcenter
Act Now · CVSS 9.9 · ICS-CERT ICSA-22-167-13 · Jun 14, 2022
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
Siemens Teamcenter versions 12.4 through 14.0 contain a vulnerability in the Java EE Server Manager HTML Adaptor, which stores user credentials insecurely. An attacker with local access or valid Teamcenter user credentials could retrieve the plaintext credentials and gain unauthorized administrative access. The Java EE Server Manager HTML Adaptor is not installed by default and is now obsolete; Siemens recommends using Teamcenter Management Console instead. Patched versions are available for all affected releases.
What this means
What could happen
An attacker with local access to a Teamcenter server or valid user credentials could retrieve stored plaintext credentials from the Java EE Server Manager, gaining unauthorized administrative access to the system and potentially disrupting plant data management and engineering workflows.
Who's at risk
Organizations running Siemens Teamcenter V12.4 through V14.0 are affected, particularly those using the legacy Java EE Server Manager HTML Adaptor for administration. This impacts plant data management, engineering collaboration, and configuration control functions. Manufacturing, automotive, and aerospace facilities using Teamcenter for product lifecycle management and CAD/engineering data management should prioritize patching.
How it could be exploited
An attacker with local access to the server or valid (even low-privilege) Teamcenter user credentials can access the Java EE Server Manager HTML Adaptor interface on port 8082/TCP and extract stored plaintext user credentials, then use those credentials to gain administrative access to Teamcenter or connected systems.
Prerequisites
- Local access to the Teamcenter server host, OR valid user credentials for Teamcenter
- Java EE Server Manager HTML Adaptor must be installed (not installed by default)
- Network reachability to port 8082/TCP
- Unsecure credential storage
- Remotely exploitable if attacker has valid credentials or local access
- Low complexity attack
- High CVSS score (9.9)
- Affects multiple recent Teamcenter versions
- Critical severity
Exploitability
Moderate exploit probability (EPSS 1.2%)
Affected products (6)
6 with fix
Product | Affected Versions | Fix Status
Teamcenter V12.4 | < V12.4.0.13 | Fixed in 12.4.0.13
Teamcenter V13.0 | < V13.0.0.9 | Fixed in 13.0.0.9
Teamcenter V13.1 | < V13.1.0.9 | Fixed in 13.1.0.9
Teamcenter V13.2 | < V13.2.0.9 | Fixed in 13.2.0.9
Teamcenter V13.3 | < V13.3.0.3 | Fixed in 13.3.0.3
Teamcenter V14.0 | < V14.0.0.2 | Fixed in 14.0.0.2
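To triage an asset inventory against the table above, the following Python is an added example (not from the advisory or from Siemens): it parses a Teamcenter version string, finds the fixed build for its release line, and reports whether the host still needs the hotfix. The fixed builds are taken from the table; whether the HTML Adaptor is present is assumed to be supplied by the host inventory (a constructed input here).

```python
# Added example: check an installed Teamcenter version against the fixed
# builds listed in ICSA-22-167-13. Not part of the advisory or of Siemens code.
from typing import Dict, Tuple

Version = Tuple[int, int, int, int]

# Minimum fixed build per release line, as listed in the advisory table.
FIXED_BUILDS: Dict[Tuple[int, int], Version] = {
    (12, 4): (12, 4, 0, 13),
    (13, 0): (13, 0, 0, 9),
    (13, 1): (13, 1, 0, 9),
    (13, 2): (13, 2, 0, 9),
    (13, 3): (13, 3, 0, 3),
    (14, 0): (14, 0, 0, 2),
}


def parse_version(text: str) -> Version:
    """Parse 'V13.2.0.7', '13.2.0.7' or '13.2' into a 4-tuple, padding with zeros."""
    text = text.strip()
    if text[:1] in ("V", "v"):
        text = text[1:]
    parts = tuple(int(p) for p in text.split("."))
    if not 1 <= len(parts) <= 4:
        raise ValueError(f"unexpected version format: {text!r}")
    return parts + (0,) * (4 - len(parts))  # type: ignore[return-value]


def assess(installed: str, adaptor_installed: bool) -> str:
    """
    Classify one host. Returns:
      'not-listed'           release line is not covered by this advisory
      'fixed'                build is at or above the fixed build for its line
      'vulnerable'           affected build and the HTML Adaptor is present
      'affected-no-adaptor'  affected build, adaptor absent (still patch; the
                             adaptor could be added later)
    """
    v = parse_version(installed)
    fixed = FIXED_BUILDS.get(v[:2])
    if fixed is None:
        return "not-listed"
    if v >= fixed:  # tuple comparison is lexicographic, matching dotted builds
        return "fixed"
    return "vulnerable" if adaptor_installed else "affected-no-adaptor"


if __name__ == "__main__":
    # Constructed inventory rows: (hostname, reported version, adaptor present)
    for host, ver, adaptor in [("tc-app-01", "V13.2.0.7", True),
                               ("tc-app-02", "V14.0.0.2", True),
                               ("tc-app-03", "V12.4", False)]:
        print(host, ver, assess(ver, adaptor))
```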
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to port 8082/TCP with firewall rules to only trusted administrative IP addresses
HARDENING: Restrict local access to the Teamcenter server host to authorized personnel only
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update Teamcenter to patched version: V12.4.0.13, V13.0.0.9, V13.1.0.9, V13.2.0.9, V13.3.0.3, or V14.0.0.2 or later
WORKAROUND: Remove or disable Java EE Server Manager HTML Adaptor and migrate to Teamcenter Management Console for server administration
Long-term hardening
HARDENING: Segment the Teamcenter server network from operational technology networks and untrusted networks
CVEs (1)