PT-2022-20874 · Siemens · Teamcenter
Published 2022-06-14 · Updated 2023-02-23 · CVE-2022-31619
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Teamcenter versions prior to V12.4.0.13
Teamcenter versions prior to V13.0.0.9
Teamcenter versions prior to V13.1.0.9
Teamcenter versions prior to V13.2.0.9
Teamcenter versions prior to V13.3.0.3
Teamcenter versions prior to V14.0.0.2
Description
A vulnerability has been identified in Teamcenter: the Java EE Server Manager HTML Adaptor contains default hardcoded credentials. This allows a user to perform a series of actions that could potentially lead to remote code execution with elevated permissions.
Recommendations
For versions prior to V12.4.0.13, update to V12.4.0.13 or later.
For versions prior to V13.0.0.9, update to V13.0.0.9 or later.
For versions prior to V13.1.0.9, update to V13.1.0.9 or later.
For versions prior to V13.2.0.9, update to V13.2.0.9 or later.
For versions prior to V13.3.0.3, update to V13.3.0.3 or later.
For versions prior to V14.0.0.2, update to V14.0.0.2 or later.
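The per-branch thresholds above mean that a single comparison against the newest fixed release misclassifies patched installations on older release lines (V13.3.0.3 is fixed, yet sorts below V14.0.0.2). The following check is an added example, not code from Siemens or from this advisory page; it assumes each threshold applies only to its own major.minor release line, and the host names are constructed.

```python
import re

# Fixed releases copied from the advisory's list, keyed by (major, minor) release line.
# Assumption: each "prior to" threshold applies only to its own release line.
FIXED = {
    (12, 4): (12, 4, 0, 13),
    (13, 0): (13, 0, 0, 9),
    (13, 1): (13, 1, 0, 9),
    (13, 2): (13, 2, 0, 9),
    (13, 3): (13, 3, 0, 3),
    (14, 0): (14, 0, 0, 2),
}


def parse_version(text):
    """Parse 'V13.2.0.9' or '13.2.0.9' into a 4-tuple of ints."""
    m = re.fullmatch(r"[Vv]?(\d+)\.(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised Teamcenter version: {text!r}")
    return tuple(int(part) for part in m.groups())


def assess(installed):
    """Return (status, fixed_release) for an installed version string.

    status is 'affected', 'fixed', or 'unlisted' when the release line
    does not appear in the advisory and needs a manual check.
    """
    version = parse_version(installed)
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return ("unlisted", None)
    label = "V" + ".".join(str(part) for part in fixed)
    # Integer tuples compare numerically, so 0.10 sorts after 0.9.
    return ("affected", label) if version < fixed else ("fixed", label)


if __name__ == "__main__":
    # Constructed inventory for illustration; not real hosts.
    inventory = [("plm-a", "V13.3.0.3"), ("plm-b", "13.0.0.8"),
                 ("plm-c", "V14.0.0.1"), ("plm-d", "V12.3.0.5")]
    for host, version in inventory:
        status, target = assess(version)
        print(f"{host}: {version} -> {status}" + (f" (fix: {target})" if target else ""))
```

Release lines that return `unlisted` are not covered by the list on this page and should be checked against the vendor's advisory directly.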
Fix
Using Hardcoded Credentials
Affected Products
Teamcenter