CVE-2022-34661
published 2022-08-10CVE-2022-34661: A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.15), Teamcenter V13.0 (All versions < V13.0.0.10), Teamcenter V13.1 (All…
PriorityP336high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
0.64%
45.8th percentile
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.15), Teamcenter V13.0 (All versions < V13.0.0.10), Teamcenter V13.1 (All versions < V13.1.0.10), Teamcenter V13.2 (All versions < V13.2.0.9), Teamcenter V13.3 (All versions < V13.3.0.5), Teamcenter V14.0 (All versions < V14.0.0.2). File Server Cache service in Teamcenter is vulnerable to denial of service by entering infinite loops and using up CPU cycles. This could allow an attacker to cause denial of service condition.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | teamcenter | >= 12.4 < 12.4.0.15 | 12.4.0.15 |
| siemens | teamcenter | >= 13.0 < 13.0.0.10 | 13.0.0.10 |
| siemens | teamcenter | >= 13.1 < 13.1.0.10 | 13.1.0.10 |
| siemens | teamcenter | >= 13.2 < 13.2.0.9 | 13.2.0.9 |
| siemens | teamcenter | >= 13.3 < 13.3.0.5 | 13.3.0.5 |
| siemens | teamcenter | >= 14.0 < 14.0.0.2 | 14.0.0.2 |
| siemens | teamcenter_v12.4 | — | — |
| siemens | teamcenter_v13.0 | — | — |
| siemens | teamcenter_v13.1 | — | — |
| siemens | teamcenter_v13.2 | — | — |
| siemens | teamcenter_v13.3 | — | — |
| siemens | teamcenter_v14.0 | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Siemens Teamcenter
cisa_ics·2022-08-16·CVSS 9.8
[CRITICAL] Siemens Teamcenter
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Siemens Teamcenter
Last RevisedAugust 16, 2022
Alert CodeICSA-22-223-02
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.6
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: Teamcenter
- Vulnerabilities: Command Injection, Infinite Loop
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could lead to command injection and denial-of-service condition.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of Teamcenter, a product lifecycle management software, are affected:
- Teamcenter v12.4: All versions prio
GHSA
GHSA-ww5r-x8xx-g992: A vulnerability has been identified in Teamcenter V12
ghsa_unreviewed·2022-08-11
CVE-2022-34661 [HIGH] CWE-835 GHSA-ww5r-x8xx-g992: A vulnerability has been identified in Teamcenter V12
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.15), Teamcenter V13.0 (All versions < V13.0.0.10), Teamcenter V13.1 (All versions < V13.1.0.10), Teamcenter V13.2 (All versions < V13.2.0.9), Teamcenter V13.3 (All versions < V13.3.0.5), Teamcenter V14.0 (All versions < V14.0.0.2). File Server Cache service in Teamcenter is vulnerable to denial of service by entering infinite loops and using up CPU cycles. This could allow an attacker to cause denial of service condition.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-08-10
Published