CVE-2022-31619
published 2022-06-14CVE-2022-31619: A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9), Teamcenter V13.1 (All…
PriorityP259high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
1.25%
65.6th percentile
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9), Teamcenter V13.1 (All versions < V13.1.0.9), Teamcenter V13.2 (All versions < V13.2.0.9), Teamcenter V13.3 (All versions < V13.3.0.3), Teamcenter V14.0 (All versions < V14.0.0.2). Java EE Server Manager HTML Adaptor in Teamcenter consists of default hardcoded credentials. Access to the application allows a user to perform a series of actions that could potentially lead to remote code execution with elevated permissions.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | teamcenter | >= 12.4 < 12.4.0.13 | 12.4.0.13 |
| siemens | teamcenter | >= 13.0 < 13.0.0.9 | 13.0.0.9 |
| siemens | teamcenter | >= 13.1 < 13.1.0.9 | 13.1.0.9 |
| siemens | teamcenter | >= 13.2 < 13.2.0.9 | 13.2.0.9 |
| siemens | teamcenter | >= 13.3 < 13.3.0.3 | 13.3.0.3 |
| siemens | teamcenter | >= 14.0 < 14.0.0.2 | 14.0.0.2 |
| siemens | teamcenter_v12.4 | — | — |
| siemens | teamcenter_v13.0 | — | — |
| siemens | teamcenter_v13.1 | — | — |
| siemens | teamcenter_v13.2 | — | — |
| siemens | teamcenter_v13.3 | — | — |
| siemens | teamcenter_v14.0 | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect access to the Java EE Server Manager HTML Adaptor, which listens on port 8082/TCP; any external or unexpected connections to this port on Teamcenter hosts should be treated as suspicious. ↗
- →The vulnerable component (Java EE Server Manager HTML Adaptor) is not installed by default; its presence on a host is itself an anomaly worth flagging during asset inventory and endpoint detection. ↗
- →Monitor for remote code execution activity with elevated permissions originating from Teamcenter server processes, as successful exploitation of the hardcoded credentials leads directly to RCE. ↗
- ·The vulnerability is rooted in hardcoded default credentials in the Java EE Server Manager HTML Adaptor; any deployment where this component is present should be assumed to have known, static credentials exploitable by any authenticated low-privilege network user. ↗
- ·The Java EE Server Manager HTML Adaptor is described as obsolete; its presence in a deployment indicates a non-default, legacy configuration that significantly expands attack surface. ↗
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-fc5j-w57x-fv6j: A vulnerability has been identified in Teamcenter V12
ghsa_unreviewed·2022-06-15
CVE-2022-31619 [HIGH] CWE-798 GHSA-fc5j-w57x-fv6j: A vulnerability has been identified in Teamcenter V12
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9), Teamcenter V13.1 (All versions < V13.1.0.9), Teamcenter V13.2 (All versions), Teamcenter V13.3 (All versions < V13.3.0.3), Teamcenter V14.0 (All versions). Java EE Server Manager HTML Adaptor in Teamcenter consists of default hardcoded credentials. Access to the application allows a user to perform a series of actions that could potentially lead to remote code execution with elevated permissions.
CISA ICS
Siemens Teamcenter (Update A)
cisa_ics·2022-06-16·CVSS 8.8
[HIGH] Siemens Teamcenter (Update A)
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Siemens Teamcenter (Update A)
Last RevisedAugust 11, 2022
Alert CodeICSA-22-167-13
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.9
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: Teamcenter
- Vulnerability: Use of Hard-coded Credentials
## 2. UPDATE
This updated advisory is a follow-up to the original advisory titled ICSA-22-167-13 Siemens Teamcenter that was published June 16, 2022, to the ICS webpage on cisa.gov/ics.
## 3. RISK EVALUATION
Successful exploitation of this vulnerability could lead to remote code execution with elevated permiss
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-06-14
Published