cbcvebase.
CVE-2022-31619
published 2022-06-14

CVE-2022-31619: A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9), Teamcenter V13.1 (All…

PriorityP259high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
1.25%
65.6th percentile
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9), Teamcenter V13.1 (All versions < V13.1.0.9), Teamcenter V13.2 (All versions < V13.2.0.9), Teamcenter V13.3 (All versions < V13.3.0.3), Teamcenter V14.0 (All versions < V14.0.0.2). Java EE Server Manager HTML Adaptor in Teamcenter consists of default hardcoded credentials. Access to the application allows a user to perform a series of actions that could potentially lead to remote code execution with elevated permissions.

Affected

12 ranges
VendorProductVersion rangeFixed in
siemensteamcenter>= 12.4 < 12.4.0.1312.4.0.13
siemensteamcenter>= 13.0 < 13.0.0.913.0.0.9
siemensteamcenter>= 13.1 < 13.1.0.913.1.0.9
siemensteamcenter>= 13.2 < 13.2.0.913.2.0.9
siemensteamcenter>= 13.3 < 13.3.0.313.3.0.3
siemensteamcenter>= 14.0 < 14.0.0.214.0.0.2
siemensteamcenter_v12.4
siemensteamcenter_v13.0
siemensteamcenter_v13.1
siemensteamcenter_v13.2
siemensteamcenter_v13.3
siemensteamcenter_v14.0

Detection & IOCsextracted from sources · hover to see the quote

port8082/TCP
  • Detect access to the Java EE Server Manager HTML Adaptor, which listens on port 8082/TCP; any external or unexpected connections to this port on Teamcenter hosts should be treated as suspicious.
  • The vulnerable component (Java EE Server Manager HTML Adaptor) is not installed by default; its presence on a host is itself an anomaly worth flagging during asset inventory and endpoint detection.
  • Monitor for remote code execution activity with elevated permissions originating from Teamcenter server processes, as successful exploitation of the hardcoded credentials leads directly to RCE.
  • ·The vulnerability is rooted in hardcoded default credentials in the Java EE Server Manager HTML Adaptor; any deployment where this component is present should be assumed to have known, static credentials exploitable by any authenticated low-privilege network user.
  • ·The Java EE Server Manager HTML Adaptor is described as obsolete; its presence in a deployment indicates a non-default, legacy configuration that significantly expands attack surface.

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.