CVE-2022-34660 — Command Injection in Siemens Teamcenter

CWE-77 — Command Injection3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

0.9%

top 24.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Teamcenter Siemens Teamcenter V12.4 Siemens Teamcenter V13.0 +4 more

Timeline

PublishedAug 10

Latest updateAug 11

Description

A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.15), Teamcenter V13.0 (All versions < V13.0.0.10), Teamcenter V13.1 (All versions < V13.1.0.10), Teamcenter V13.2 (All versions < V13.2.0.9), Teamcenter V13.3 (All versions < V13.3.0.5), Teamcenter V14.0 (All versions < V14.0.0.2). File Server Cache service in Teamcenter consist of a functionality that is vulnerable to command injection. This could potentially allow an attacker to perform remote code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages7 packages

▶NVDsiemens/teamcenter12.4 — 12.4.0.15+5

▶CVEListV5siemens/teamcenter_v12.4All versions < V12.4.0.15

▶CVEListV5siemens/teamcenter_v13.0All versions < V13.0.0.10

▶CVEListV5siemens/teamcenter_v13.1All versions < V13.1.0.10

▶CVEListV5siemens/teamcenter_v13.2All versions < V13.2.0.9

🔴Vulnerability Details

GHSA

GHSA-99fp-fmrp-pwj6: A vulnerability has been identified in Teamcenter V12↗2022-08-11

▶

CVEList

CVE-2022-34660: A vulnerability has been identified in Teamcenter V12↗2022-08-10

▶