Open Redirect Vulnerability in Teamcenter

Plan Patch7.4SSA-656895Feb 11, 2025

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

The SSO login service in Siemens Teamcenter contains an open redirect vulnerability that allows an attacker to redirect authenticated users to an attacker-controlled URL, enabling session credential theft. The vulnerability affects Teamcenter V14.1, V14.2, V14.3 (before 14.3.0.14), V2312 (before 2312.0010), V2406 (before 2406.0008), and V2412 (before 2412.0004). Siemens has released patches for versions 14.3 and later; V14.1 and V14.2 have no planned fix but a hot fix may be available through Software Field Bulletin PL8837639.

What this means

What could happen

An attacker could craft a malicious link that redirects a legitimate user to a fake login page after they authenticate with Teamcenter, allowing the attacker to steal their valid session credentials and gain unauthorized access to the system.

Who's at risk

Organizations using Siemens Teamcenter for product lifecycle management and engineering data management should be concerned. This affects all users with access to Teamcenter's SSO login service, particularly those with elevated privileges (engineers, planners, supervisors).

How it could be exploited

An attacker sends a phishing email or link containing a specially crafted Teamcenter SSO login URL with a redirect parameter pointing to an attacker-controlled site. When a user clicks the link and authenticates, they are redirected to the attacker's site where their session token is captured.

Prerequisites

User must click an attacker-supplied link
User must be logged in or attempt to log in to Teamcenter
Teamcenter SSO login service must be internet-facing or accessible to the attacker

remotely exploitableno authentication required for initial accesslow complexityrequires user interaction (phishing)credential theft riskolder versions (V14.1, V14.2) have no vendor fix available

Exploitability

Low exploit probability (EPSS 0.3%)

Affected products (6)

4 with fix2 EOL

ProductAffected VersionsFix Status

Teamcenter V14.3< V14.3.0.1414.3.0.14

Teamcenter V2312< V2312.00102312.0010

Teamcenter V2406< V2406.00082406.0008

Teamcenter V2412< V2412.00042412.0004

Teamcenter V14.1All versionsNo fix (EOL)

Teamcenter V14.2All versionsNo fix (EOL)

Remediation & Mitigation

0/7

Do now

0/1

WORKAROUNDFor V14.1 and V14.2 (no fix available), apply hot fix from Software Field Bulletin PL8837639

Schedule — requires maintenance window

0/4

Patching may require device reboot — plan for process interruption

Teamcenter V14.3

HOTFIXUpdate Teamcenter V14.3 to version 14.3.0.14 or later

Teamcenter V2312

HOTFIXUpdate Teamcenter V2312 to version 2312.0010 or later

Teamcenter V2406

HOTFIXUpdate Teamcenter V2406 to version 2406.0008 or later

Teamcenter V2412

HOTFIXUpdate Teamcenter V2412 to version 2412.0004 or later

Mitigations - no patch available

0/2

The following products have reached End of Life with no planned fix: Teamcenter V14.1, Teamcenter V14.2. Apply the following compensating controls:

HARDENINGImplement email security controls to block phishing emails with malicious Teamcenter SSO links

HARDENINGConsider restricting Teamcenter SSO login service to internal network only if possible

CVEs (1)

CVE-2025-23363

View full Siemens ProductCERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/fbf26002-acfb-45df-9d96-36c982630a19