CVE-2022-31619

HIGH

Teamcenter <V12.4.0.13, <V13.0.0.9, <V13.1.0.9, <V13.2.0.9, <V13.3....

Title source: llm
STIX 2.1

Description

A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9), Teamcenter V13.1 (All versions < V13.1.0.9), Teamcenter V13.2 (All versions < V13.2.0.9), Teamcenter V13.3 (All versions < V13.3.0.3), Teamcenter V14.0 (All versions < V14.0.0.2). Java EE Server Manager HTML Adaptor in Teamcenter consists of default hardcoded credentials. Access to the application allows a user to perform a series of actions that could potentially lead to remote code execution with elevated permissions.

References (1)

Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://cert-portal.siemens.com/productcert/pdf/ssa-220589.pdf

Scores

CVSS v3 8.8
EPSS 0.0122
EPSS Percentile 79.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-798
Status published
Products (1)
siemens/teamcenter 12.4 - 12.4.0.13
Published Jun 14, 2022
Tracked Since Feb 18, 2026