CVE-2022-31619

14.06.2022, 10:15

A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9), Teamcenter V13.1 (All versions < V13.1.0.9), Teamcenter V13.2 (All versions < V13.2.0.9), Teamcenter V13.3 (All versions < V13.3.0.3), Teamcenter V14.0 (All versions < V14.0.0.2). Java EE Server Manager HTML Adaptor in Teamcenter consists of default hardcoded credentials. Access to the application allows a user to perform a series of actions that could potentially lead to remote code execution with elevated permissions.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.8 HIGH	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
siemens	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 80%

Vendor	Product	Version
siemens	teamcenter	12.4 ≤ 𝑥 < 12.4.0.13
siemens	teamcenter	13.0 ≤ 𝑥 < 13.0.0.9
siemens	teamcenter	13.1 ≤ 𝑥 < 13.1.0.9
siemens	teamcenter	13.2 ≤ 𝑥 < 13.2.0.9
siemens	teamcenter	13.3 ≤ 𝑥 < 13.3.0.3
siemens	teamcenter	14.0 ≤ 𝑥 < 14.0.0.2

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-798 - Use of Hard-coded Credentials
The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

References

https://cert-portal.siemens.com/productcert/pdf/ssa-220589.pdf