Siemens Teamcenter

Plan Patch7.6ICS-CERT ICSA-22-223-02Aug 9, 2022

Attack VectorNetwork

Auth RequiredHigh

ComplexityHigh

User InteractionRequired

Summary

Siemens Teamcenter File Service Cache service is affected by command injection (CWE-77) and denial of service (CWE-835) vulnerabilities. An attacker with high privileges and user interaction can inject commands or cause the service to stop responding.

What this means

What could happen

An authenticated attacker with high privileges could inject commands on the Teamcenter server or cause the File Service Cache to stop responding, disrupting access to design and engineering data critical to manufacturing operations.

Who's at risk

Manufacturing and product lifecycle management (PLM) teams using Siemens Teamcenter for design data management, CAD file storage, and collaborative engineering. Specifically affects Teamcenter deployments in automotive, aerospace, machinery, and heavy equipment industries where engineering data integrity and availability are critical.

How it could be exploited

An attacker with administrative or engineering credentials can interact with the File Service Cache service (port 4544/tcp) and inject shell commands or malformed input that causes the service to hang or crash. The attack requires user interaction (such as accepting a dialog or confirming an action) to succeed.

Prerequisites

Network access to port 4544/tcp (File Service Cache)
High-privilege credentials (administrator or engineer role in Teamcenter)
User interaction required (attacker must trick a privileged user into accepting a dialog or action)

Remotely exploitable over network port 4544Requires high-privilege credentialsRequires user interactionNo public exploits knownAffects engineering data availability and integrity

Exploitability

Low exploit probability (EPSS 0.9%)

Affected products (6)

6 with fix

ProductAffected VersionsFix Status

Teamcenter V12.4<V12.4.0.1512.4.0.15

Teamcenter V13.0<V13.0.0.1013.0.0.10

Teamcenter V13.1<V13.1.0.1013.1.0.10

Teamcenter V13.2<V13.2.0.913.2.0.9

Teamcenter V13.3<V13.3.0.513.3.0.5

Teamcenter V14.0<V14.0.0.214.0.0.2

Remediation & Mitigation

0/3

Do now

0/2

WORKAROUNDRestrict firewall access to port 4544/tcp to only known, trusted engineering workstations and administration hosts

HARDENINGLimit local host access to the Teamcenter server to authorized personnel only; restrict physical and remote administrative access

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Teamcenter to the patched version for your release: V12.4.0.15, V13.0.0.10, V13.1.0.10, V13.2.0.9, V13.3.0.5, or V14.0.0.2 or later

CVEs (2)

CVE-2022-34660 CVE-2022-34661

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/00ed2fb7-5005-4819-aff8-b02027437697