Multiple Vulnerabilities in Teamcenter

Plan Patch7.2SSA-987403Sep 14, 2021

Attack VectorNetwork

Auth RequiredHigh

ComplexityLow

User InteractionNone needed

Summary

Teamcenter is affected by three vulnerabilities: incorrect privilege assignment (CWE-267), Insecure Direct Object Reference (CWE-639), and XML External Entity Injection (CWE-611). These vulnerabilities allow unauthorized access to objects, elevation of privileges, and potential code execution through XML processing.

What this means

What could happen

An attacker with high privileges could gain unauthorized access to sensitive design data, alter product configurations, or execute code on the Teamcenter server. This could compromise intellectual property and disrupt product development workflows.

Who's at risk

This affects any organization using Siemens Teamcenter for product lifecycle management (PLM), primarily engineering and manufacturing companies that rely on Teamcenter for design data, bill of materials, and product configuration management. The impact is greatest for companies where design data theft or unauthorized modification could disrupt production planning or compromise competitive advantage.

How it could be exploited

An attacker with high-level credentials could exploit incorrect privilege assignment to access restricted functions. They could then leverage IDOR to access objects belonging to other users by manipulating object references. XXE injection through XML parsing could allow remote code execution if the attacker can upload or provide malicious XML files to the system.

Prerequisites

High-privilege user credentials (engineering or administrator account)
Network access to Teamcenter application port
Ability to craft and submit IDOR requests or malicious XML payloads
XXE exploitation requires the ability to upload or submit XML content to the application

Remotely exploitableHigh privileges required but could lead to lateral movementLow complexity attack once credentials obtainedAffects design and configuration dataMultiple vulnerability vectors in same product

Exploitability

Low exploit probability (EPSS 0.4%)

Affected products (4)

4 with fix

ProductAffected VersionsFix Status

Teamcenter V12.4< V12.4.0.812.4.0.8

Teamcenter V13.0< V13.0.0.713.0.0.7

Teamcenter V13.1< V13.1.0.513.1.0.5

Teamcenter V13.2< 13.2.0.213.2.0.2

Remediation & Mitigation

0/7

Do now

0/2

WORKAROUNDRestrict Teamcenter network access to authorized engineering and PLM personnel only; implement firewall rules to limit access from specific IP ranges or VLANs

WORKAROUNDDisable XML external entity processing in Teamcenter if possible through application configuration

Schedule — requires maintenance window

0/5

Patching may require device reboot — plan for process interruption

Teamcenter V12.4

HOTFIXUpdate Teamcenter V12.4 to version 12.4.0.8 or later

Teamcenter V13.0

HOTFIXUpdate Teamcenter V13.0 to version 13.0.0.7 or later

Teamcenter V13.1

HOTFIXUpdate Teamcenter V13.1 to version 13.1.0.5 or later

Teamcenter V13.2

HOTFIXUpdate Teamcenter V13.2 to version 13.2.0.2 or later

All products

HARDENINGAudit user accounts with high-privilege access in Teamcenter and remove unnecessary administrative credentials

CVEs (3)

CVE-2021-40354 CVE-2021-40355 CVE-2021-40356

View full Siemens ProductCERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/7537d567-0e06-4be1-9481-63a85c3607d6