| Reporter | Title | Published | Views | Family All 15 |
|---|---|---|---|---|
| The vulnerability of the SSO (Single Sign-On) service of the Teamcenter lifecycle management system allows a hacker to redirect a user to any given URL address. | 4 Mar 202500:00 | – | bdu_fstec | |
| CVE-2025-23363 | 11 Feb 202510:54 | – | circl | |
| Siemens Teamcenter 输入验证错误漏洞 | 11 Feb 202500:00 | – | cnnvd | |
| Siemens Teamcenter Redirection Vulnerability | 26 Feb 202500:00 | – | cnvd | |
| CVE-2025-23363 | 11 Feb 202510:29 | – | cve | |
| CVE-2025-23363 | 11 Feb 202510:29 | – | cvelist | |
| EUVD-2025-3158 | 3 Oct 202520:07 | – | euvd | |
| Siemens Teamcenter | 11 Feb 202500:00 | – | ics | |
| Vulnerabilities fixed in Siemens products | 11 Feb 202519:40 | – | ncsc | |
| Vulnerabilities fixed in Siemens products | 14 Feb 202508:46 | – | ncsc |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(274364);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2025/11/18");
script_cve_id("CVE-2025-23363");
script_xref(name:"IAVA", value:"2024-A-0816-S");
script_name(english:"Teamcenter Visualization SSO login service Vulnerability");
script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by SSO login service");
script_set_attribute(attribute:"description", value:
"Teamcenter contains an open-redirect vulnerability in its SSO login service affecting Teamcenter V14.1, V14.2,
V14.3, V2312, V2406, and V2412; the SSO accepts user-controlled input that can point to external URLs, allowing
an attacker to craft a link that redirects a legitimate user to a malicious site to steal session data exploitation
requires the user to click the attacker-crafted link.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/html/ssa-656895.html");
script_set_attribute(attribute:"solution", value:
"See vendor advisory.");
script_set_attribute(attribute:"agent", value:"windows");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-23363");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2024/12/10");
script_set_attribute(attribute:"patch_publication_date", value:"2024/12/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2025/11/07");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:siemens:teamcenter");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("siemens_teamcenter_installed.nbin");
script_require_keys("installed_sw/Siemens Teamcenter");
exit(0);
}
include('vcf.inc');
var app_info = vcf::get_app_info(app:'Siemens Teamcenter');
var version = app_info['version'];
if (version =~ "^14\.3\.")
{
vcf::check_granularity(app_info:app_info, sig_segments:4);
}
else
{
vcf::check_granularity(app_info:app_info, sig_segments:2);
}
var constraints = [
{ 'min_version' : '14.1.0', 'max_version': '14.1.999999', 'fixed_display': 'See vendor advisory', 'require_paranoia': TRUE },
{ 'min_version' : '14.2.0', 'max_version': '14.2.999999', 'fixed_display': 'See vendor advisory', 'require_paranoia': TRUE},
{ 'min_version' : '14.3.0.0', 'fixed_version' : '14.3.0.14'},
{ 'min_version' : '2312.0', 'fixed_version' : '2312.0010' },
{ 'min_version' : '2406.0', 'fixed_version' : '2406.0008' },
{ 'min_version' : '2412.0', 'fixed_version' : '2412.0004' }];
vcf::check_version_and_report(
app_info:app_info,
constraints:constraints,
severity:SECURITY_HOLE
);Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation