cbcvebase.
CVE-2022-34660
published 2022-08-10

CVE-2022-34660: A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.15), Teamcenter V13.0 (All versions < V13.0.0.10), Teamcenter V13.1 (All…

PriorityP262critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.09%
61.2th percentile
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.15), Teamcenter V13.0 (All versions < V13.0.0.10), Teamcenter V13.1 (All versions < V13.1.0.10), Teamcenter V13.2 (All versions < V13.2.0.9), Teamcenter V13.3 (All versions < V13.3.0.5), Teamcenter V14.0 (All versions < V14.0.0.2). File Server Cache service in Teamcenter consist of a functionality that is vulnerable to command injection. This could potentially allow an attacker to perform remote code execution.

Affected

12 ranges
VendorProductVersion rangeFixed in
siemensteamcenter>= 12.4 < 12.4.0.1512.4.0.15
siemensteamcenter>= 13.0 < 13.0.0.1013.0.0.10
siemensteamcenter>= 13.1 < 13.1.0.1013.1.0.10
siemensteamcenter>= 13.2 < 13.2.0.913.2.0.9
siemensteamcenter>= 13.3 < 13.3.0.513.3.0.5
siemensteamcenter>= 14.0 < 14.0.0.214.0.0.2
siemensteamcenter_v12.4
siemensteamcenter_v13.0
siemensteamcenter_v13.1
siemensteamcenter_v13.2
siemensteamcenter_v13.3
siemensteamcenter_v14.0

Detection & IOCsextracted from sources · hover to see the quote

port4544/tcp
  • CVE-2022-34660 targets the File Server Cache service in Siemens Teamcenter, which is vulnerable to command injection enabling remote code execution. Monitor for anomalous or unexpected commands/processes spawned by the File Server Cache service.
  • The File Server Cache service listens on port 4544/tcp. Restrict and monitor inbound connections to this port; unexpected external connections to 4544/tcp on Teamcenter hosts are a strong indicator of exploitation attempts.
  • The vulnerability requires network-accessible Teamcenter instances (AV:N). Alert on remote connections to Teamcenter File Server Cache service from untrusted or unexpected IP addresses.
  • ·Attack complexity is HIGH and requires HIGH privileges and user interaction (CVSS vector AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H), meaning exploitation is not trivial and requires an authenticated, privileged attacker with some form of user interaction — tune detection thresholds accordingly.
  • ·No known public exploits exist for this vulnerability at time of advisory publication, reducing immediate mass-exploitation risk but not eliminating targeted attack risk.
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.