Zip Path Traversal Vulnerability in Teamcenter Active Workspace
Monitor6.8SSA-133772Dec 14, 2021
Attack VectorNetwork
Auth RequiredHigh
ComplexityLow
User InteractionRequired
Summary
Teamcenter Active Workspace versions V4.3 before 4.3.11, V5.0 before 5.0.10, V5.1 before 5.1.6, and V5.2 before 5.2.3 contain a path traversal vulnerability in zip file handling. An authenticated user could upload a malicious zip file that extracts files outside the intended directory, potentially leading to remote code execution on the Teamcenter server. The flaw stems from insufficient validation of file paths during zip extraction.
What this means
What could happen
An attacker with engineering workstation access could exploit a path traversal flaw in zip file handling to run arbitrary code on the Teamcenter server, potentially gaining control over product lifecycle data and engineering documents stored in the system.
Who's at risk
This affects organizations using Siemens Teamcenter Active Workspace for product lifecycle management and engineering data collaboration. It is of concern to manufacturing companies, automotive suppliers, aerospace firms, and any enterprise managing design data and CAD models in Teamcenter. The vulnerability requires valid user credentials, so it poses a risk primarily from insider threats or compromised engineering accounts.
How it could be exploited
An attacker with valid credentials uploads a specially crafted zip file through Teamcenter Active Workspace. The application fails to validate file paths within the zip, allowing the attacker to extract files outside the intended directory. This could enable code execution on the server if executable files are extracted to web-accessible or system-critical directories.
Prerequisites
- Valid engineering workstation or administrator credentials to access Teamcenter Active Workspace
- Network access to the Teamcenter application (typically internal network or VPN)
- Ability to upload or import zip files through the Teamcenter interface
Requires high-privilege credentials (engineering/admin access)Requires user interaction (zip file upload)Low technical complexity exploitationAffects data and system availability in product design workflows
Exploitability
Low exploit probability (EPSS 0.8%)
Affected products (4)
4 with fix
ProductAffected VersionsFix Status
Teamcenter Active Workspace V4.3< V4.3.114.3.11
Teamcenter Active Workspace V5.0< V5.0.105.0.10
Teamcenter Active Workspace V5.1< V5.1.65.1.6
Teamcenter Active Workspace V5.2< V5.2.35.2.3
Remediation & Mitigation
0/5
Do now
0/1WORKAROUNDRestrict zip file uploads and imports to authorized engineering users; audit recent file import activity for suspicious zip files
Schedule — requires maintenance window
0/4Patching may require device reboot — plan for process interruption
Teamcenter Active Workspace V4.3
HOTFIXUpdate Teamcenter Active Workspace V4.3 to version 4.3.11 or later
Teamcenter Active Workspace V5.0
HOTFIXUpdate Teamcenter Active Workspace V5.0 to version 5.0.10 or later
Teamcenter Active Workspace V5.1
HOTFIXUpdate Teamcenter Active Workspace V5.1 to version 5.1.6 or later
Teamcenter Active Workspace V5.2
HOTFIXUpdate Teamcenter Active Workspace V5.2 to version 5.2.3 or later
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/1fbfad04-e137-4a0b-9418-ce1daaf9f9ee