CVE-2022-31619Hard-coded Credentials in Siemens Teamcenter

CWE-798Hard-coded Credentials3 documents3 sources
Severity
8.8HIGHNVD
EPSS
1.2%
top 20.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Siemens TeamcenterSiemens Teamcenter V12.4Siemens Teamcenter V13.0+4 more
Timeline
PublishedJun 14
Latest updateJun 15

Description

A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9), Teamcenter V13.1 (All versions < V13.1.0.9), Teamcenter V13.2 (All versions < V13.2.0.9), Teamcenter V13.3 (All versions < V13.3.0.3), Teamcenter V14.0 (All versions < V14.0.0.2). Java EE Server Manager HTML Adaptor in Teamcenter consists of default hardcoded credentials. Access to the application allows a user to perform a series of actions that could potentially lea

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages7 packages

NVDsiemens/teamcenter12.412.4.0.13+5
CVEListV5siemens/teamcenter_v12.4All versions < V12.4.0.13
CVEListV5siemens/teamcenter_v13.0All versions < V13.0.0.9
CVEListV5siemens/teamcenter_v13.1All versions < V13.1.0.9
CVEListV5siemens/teamcenter_v13.2All versions < V13.2.0.9

Patches

Patch: cert-portal.siemens.comPatch: cert-portal.siemens.com

🔴Vulnerability Details

2
GHSA
GHSA-fc5j-w57x-fv6j: A vulnerability has been identified in Teamcenter V122022-06-15
CVEList
CVE-2022-31619: A vulnerability has been identified in Teamcenter V122022-06-14
CVE-2022-31619 — Hard-coded Credentials in Siemens | cvebase