Siemens Teamcenter

Plan PatchCVSS 7.4ICS-CERT ICSA-25-044-07Feb 11, 2025

Siemens

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

The SSO login service in Siemens Teamcenter contains an open redirect vulnerability (CWE-601) that allows attackers to redirect authenticated users to attacker-controlled URLs, enabling session credential theft. An attacker can craft a malicious link that, after legitimate user authentication, redirects to a phishing site where session tokens are captured. The vulnerability affects Teamcenter V14.1, V14.2, V14.3 (all versions before 14.3.0.14), V2312 (before 2312.0010), V2406 (before 2406.0008), and V2412 (before 2412.0004).

What this means

What could happen

An attacker can create a fake login link that redirects users to a malicious website after authenticating with Teamcenter, stealing their valid session credentials. This could allow unauthorized access to product lifecycle management data and design files.

Who's at risk

This affects organizations using Siemens Teamcenter for product lifecycle management and design data storage. Primary users are engineering departments, manufacturers, and system integrators relying on Teamcenter for collaborative design workflows. V14.1 and V14.2 users should evaluate alternative solutions or apply network segmentation if patching is not feasible.

How it could be exploited

An attacker crafts a phishing email with a malicious Teamcenter login link containing an open redirect parameter. When a user clicks the link and authenticates, they are redirected to an attacker-controlled site where the session token is captured. The attacker can then use the stolen session to access Teamcenter as the legitimate user.

Prerequisites

User must click on attacker-crafted link in email or messaging
User must have valid Teamcenter credentials
Teamcenter SSO service must be reachable from the user's network

remotely exploitablelow complexityno authentication required at vector (attacker-controlled redirect link)user interaction requiredaffects confidentiality of design and engineering data

Exploitability

Unlikely to be exploited — EPSS score 0.3%

Affected products (6)

4 with fix2 EOL

ProductAffected VersionsFix Status

Teamcenter V14.1All versionsNo fix (EOL)

Teamcenter V14.3< V14.3.0.1414.3.0.14

Teamcenter V2312< V2312.00102312.0010

Teamcenter V2406< V2406.00082406.0008

Teamcenter V2412< V2412.00042412.0004

Teamcenter V14.2All versionsNo fix (EOL)

Remediation & Mitigation

0/6

Do now

0/1

WORKAROUNDImplement user awareness training on not clicking links in unsolicited emails and verifying URLs before entering credentials

Schedule — requires maintenance window

0/4

Patching may require device reboot — plan for process interruption

Teamcenter V14.3

HOTFIXUpdate Teamcenter V14.3 to version 14.3.0.14 or later

Teamcenter V2312

HOTFIXUpdate Teamcenter V2312 to version 2312.0010 or later

Teamcenter V2406

HOTFIXUpdate Teamcenter V2406 to version 2406.0008 or later

Teamcenter V2412

HOTFIXUpdate Teamcenter V2412 to version 2412.0004 or later

Mitigations - no patch available

0/1

The following products have reached End of Life with no planned fix: Teamcenter V14.1, Teamcenter V14.2. Apply the following compensating controls:

HARDENINGRestrict network access to Teamcenter SSO service to known engineering workstations and administrative hosts only

CVEs (1)

CVE-2025-23363

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/001870e2-4029-4cc4-aa15-29803071238e

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.