CVE-2022-34661

EUVD-2022-37613

10.08.2022, 12:15

A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.15), Teamcenter V13.0 (All versions < V13.0.0.10), Teamcenter V13.1 (All versions < V13.1.0.10), Teamcenter V13.2 (All versions < V13.2.0.9), Teamcenter V13.3 (All versions < V13.3.0.5), Teamcenter V14.0 (All versions < V14.0.0.2). File Server Cache service in Teamcenter is vulnerable to denial of service by entering infinite loops and using up CPU cycles. This could allow an attacker to cause denial of service condition.

Infinite Loop

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA-ADP	ADP	6.5 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 61%

Affected Products (NVD)

Vendor	Product	Version
siemens	teamcenter	12.4 ≤ 𝑥 < 12.4.0.15
siemens	teamcenter	13.0 ≤ 𝑥 < 13.0.0.10
siemens	teamcenter	13.1 ≤ 𝑥 < 13.1.0.10
siemens	teamcenter	13.2 ≤ 𝑥 < 13.2.0.9
siemens	teamcenter	13.3 ≤ 𝑥 < 13.3.0.5
siemens	teamcenter	14.0 ≤ 𝑥 < 14.0.0.2

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

References

https://cert-portal.siemens.com/productcert/pdf/ssa-759952.pdf