Lucene search

[email protected]NVD:CVE-2022-34660

HistoryAug 10, 2022 - 12:15 p.m.

CVE-2022-34660

2022-08-1012:15:12

CWE-77

[email protected]

web.nvd.nist.gov

cve-2022-34660

teamcenter

v12.4

v13.0

v13.1

v13.2

v13.3

v14.0

command injection

remote code execution

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

69.8%

JSON

A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.15), Teamcenter V13.0 (All versions < V13.0.0.10), Teamcenter V13.1 (All versions < V13.1.0.10), Teamcenter V13.2 (All versions < V13.2.0.9), Teamcenter V13.3 (All versions < V13.3.0.5), Teamcenter V14.0 (All versions < V14.0.0.2). File Server Cache service in Teamcenter consist of a functionality that is vulnerable to command injection. This could potentially allow an attacker to perform remote code execution.

Affected configurations

Nvd

Node

siemensteamcenterRange12.4–12.4.0.15

siemensteamcenterRange13.0–13.0.0.10

siemensteamcenterRange13.1–13.1.0.10

siemensteamcenterRange13.2–13.2.0.9

siemensteamcenterRange13.3–13.3.0.5

siemensteamcenterRange14.0–14.0.0.2

VendorProductVersionCPE
siemensteamcenter*cpe:2.3:a:siemens:teamcenter:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	teamcenter	*	cpe:2.3:a:siemens:teamcenter::::::::

References

cert-portal.siemens.com/productcert/pdf/ssa-759952.pdf

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

69.8%

JSON

Related for NVD:CVE-2022-34660

prion1 cnvd1 cvelist1 cve1 ics1