Siemens Teamcenter

Plan PatchCVSS 9.9ICS-CERT ICSA-22-167-13Jun 14, 2022

Siemens

Attack path

Attack VectorNetwork

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

Siemens Teamcenter versions 12.4 through 14.0 contain a vulnerability in the Java EE Server Manager HTML Adaptor that stores user credentials insecurely. An attacker with local access or valid Teamcenter user credentials could retrieve plaintext credentials, gaining unauthorized administrative access. The Java EE Server Manager HTML Adaptor is not installed by default and is now obsoleted; Siemens recommends using Teamcenter Management Console instead. Patch versions are available for all affected releases.

What this means

What could happen

An attacker with local access to a Teamcenter server or valid user credentials could retrieve stored plaintext credentials from the Java EE Server Manager, gaining unauthorized administrative access to the system and potentially disrupting plant data management and engineering workflows.

Who's at risk

Organizations running Siemens Teamcenter V12.4 through V14.0 are affected, particularly those using the legacy Java EE Server Manager HTML Adaptor for administration. This impacts plant data management, engineering collaboration, and configuration control functions. Manufacturing, automotive, and aerospace facilities using Teamcenter for product lifecycle management and CAD/engineering data management should prioritize patching.

How it could be exploited

An attacker with local access to the server or valid (even low-privilege) Teamcenter user credentials can access the Java EE Server Manager HTML Adaptor interface on port 8082/TCP and extract stored plaintext user credentials, then use those credentials to gain administrative access to Teamcenter or connected systems.

Prerequisites

Local access to the Teamcenter server host, OR valid user credentials for Teamcenter
Java EE Server Manager HTML Adaptor must be installed (not installed by default)
Network reachability to port 8082/TCP

Unsecure credential storageRemotely exploitable if attacker has valid credentials or local accessLow complexity attackHigh CVSS score (9.9)Affects multiple recent Teamcenter versionsCritical severity

Exploitability

Some exploitation risk — EPSS score 1.2%

Affected products (6)

6 with fix

ProductAffected VersionsFix Status

Teamcenter V12.4<V12.4.0.1312.4.0.13

Teamcenter V13.0<V13.0.0.913.0.0.9

Teamcenter V13.1<V13.1.0.913.1.0.9

Teamcenter V13.2<V13.2.0.913.2.0.9

Teamcenter V13.3<V13.3.0.313.3.0.3

Teamcenter V14.0<V14.0.0.214.0.0.2

Remediation & Mitigation

0/5

Do now

0/2

WORKAROUNDRestrict network access to port 8082/TCP with firewall rules to only trusted administrative IP addresses

HARDENINGRestrict local access to the Teamcenter server host to authorized personnel only

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Teamcenter to patched version: V12.4.0.13, V13.0.0.9, V13.1.0.9, V13.2.0.9, V13.3.0.3, or V14.0.0.2 or later

WORKAROUNDRemove or disable Java EE Server Manager HTML Adaptor and migrate to Teamcenter Management Console for server administration

Long-term hardening

0/1

HARDENINGSegment the Teamcenter server network from operational technology networks and untrusted networks

CVEs (1)

CVE-2022-31619

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/4581fc60-a18d-4642-8177-a72a9af7707b

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.