Path Traversal Vulnerability in Teamcenter Active Workspace
Monitor | 4.5 | SSA-413407 | Sep 14, 2021
Attack Vector: Network
Auth Required: High
Complexity: Low
User Interaction: Required
Summary
Teamcenter Active Workspace contains a path traversal vulnerability (CWE-22) that could allow an authenticated user to access files and data outside of their intended directory scope, bypassing access controls.
What this means
What could happen
An attacker with valid user credentials could access sensitive design files, product data, or configuration information stored in Teamcenter that they should not have permission to view, potentially exposing intellectual property or operational details.
Who's at risk
Manufacturing and product development organizations using Siemens Teamcenter for PLM (Product Lifecycle Management) should be concerned. This includes engineering teams, design departments, and any staff accessing product data, CAD files, specifications, or engineering documentation through Active Workspace. Affected versions: 4.3, 5.0, 5.1, and 5.2.
How it could be exploited
An attacker with valid Teamcenter user credentials can craft malicious file paths (using directory traversal sequences like "../") when requesting documents or files through the Active Workspace web interface. The application fails to properly validate the requested path, allowing the attacker to read files stored outside their authorized directory.
Prerequisites
- Valid Teamcenter Active Workspace user account and login credentials
- Network access to the Teamcenter Active Workspace web server (typically HTTP/HTTPS, port 80/443)
- User interaction: victim must navigate to a malicious link or the attacker must interact with the interface directly
- Remotely exploitable
- Requires valid credentials
- Low attack complexity
- Affects data confidentiality (intellectual property exposure)
Exploitability
Low exploit probability (EPSS 0.6%)
Affected products (4)
4 with fix
Product | Affected Versions | Fix Status
Teamcenter Active Workspace V4.3 | < V4.3.10 | 4.3.10
Teamcenter Active Workspace V5.0 | < V5.0.8 | 5.0.8
Teamcenter Active Workspace V5.1 | < V5.1.5 | 5.1.5
Teamcenter Active Workspace V5.2 | < V5.2.1 | 5.2.1
Remediation & Mitigation
Do now
HARDENING: Restrict Active Workspace network access to authorized users only using firewall rules and VPN; limit exposure to trusted engineering workstations and design offices
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
Teamcenter Active Workspace V4.3
HOTFIX: Update Teamcenter Active Workspace V4.3 to version 4.3.10 or later
Teamcenter Active Workspace V5.0
HOTFIX: Update Teamcenter Active Workspace V5.0 to version 5.0.8 or later
Teamcenter Active Workspace V5.1
HOTFIX: Update Teamcenter Active Workspace V5.1 to version 5.1.5 or later
Teamcenter Active Workspace V5.2
HOTFIX: Update Teamcenter Active Workspace V5.2 to version 5.2.1 or later
Long-term hardening
HARDENING: Audit access logs to identify any unauthorized file access attempts using path traversal patterns
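One way to run the access-log audit described above, as an added example that is not part of the advisory or of Siemens tooling. It assumes the web server in front of Active Workspace writes Common/Combined Log Format with the authenticated user in the third field; the hosts, users and URL paths in the sample lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Assumed Common/Combined Log Format: host ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def fully_decode(target, max_rounds=5):
    """Percent-decode repeatedly so nested encodings of '.' and '/' are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def has_traversal(target):
    """True if any path or query component, once decoded, is exactly '..'."""
    normalised = fully_decode(target).replace("\\", "/")
    return any(part == ".." for part in re.split(r"[/?&=;]", normalised))

def audit(lines):
    """Return {user: [(time, status, raw_target), ...]} for requests with traversal segments."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if m and has_traversal(m["target"]):
            hits[m["user"]].append((m["time"], int(m["status"]), m["target"]))
    return dict(hits)

# Constructed sample lines (hosts, users and URL paths are made up for illustration).
SAMPLE_LOG = [
    '10.0.0.5 - alice [14/Sep/2021:10:00:01 +0000] "GET /app/files/specs/part-100.pdf HTTP/1.1" 200 5120',
    '10.0.0.9 - bob [14/Sep/2021:10:02:17 +0000] "GET /app/files/../../conf/settings.xml HTTP/1.1" 200 833',
    '10.0.0.9 - bob [14/Sep/2021:10:02:40 +0000] "GET /app/download?name=%252e%252e%252fconf%252fsettings.xml HTTP/1.1" 404 0',
    '10.0.0.7 - carol [14/Sep/2021:10:05:03 +0000] "GET /app/files/release..notes.txt HTTP/1.1" 200 912',
]

if __name__ == "__main__":
    for user, events in audit(SAMPLE_LOG).items():
        for when, status, target in events:
            # A 2xx status means the server answered the request and deserves review first.
            flag = "REVIEW-FIRST" if 200 <= status < 300 else "attempt"
            print(f"{flag}\t{user}\t{when}\t{status}\t{target}")
```

Matching on whole ".." segments after decoding keeps file names such as "release..notes.txt" out of the results while still catching encoded requests.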
CVEs (1)