CVE-2022-34661
https://notcve.org/view.php?id=CVE-2022-34661
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.15), Teamcenter V13.0 (All versions < V13.0.0.10), Teamcenter V13.1 (All versions < V13.1.0.10), Teamcenter V13.2 (All versions < V13.2.0.9), Teamcenter V13.3 (All versions < V13.3.0.5), Teamcenter V14.0 (All versions < V14.0.0.2). File Server Cache service in Teamcenter is vulnerable to denial of service by entering infinite loops and using up CPU cycles. This could allow an attacker to cause denial of service condition. Se ha identificado una vulnerabilidad en Teamcenter V12.4 (Todas las versiones anteriores a V12.4.0.15), Teamcenter V13.0 (Todas las versiones anteriores a V13.0.0.10), Teamcenter V13.1 (Todas las versiones anteriores a V13.1.0.10), Teamcenter V13.2 (Todas las versiones anteriores a V13.2.0.9), Teamcenter V13.3 (Todas las versiones anteriores a V13.3.0.5), Teamcenter V14.0 (Todas las versiones anteriores a V14.0.0.2). El servicio de caché del servidor de archivos en Teamcenter es vulnerable a una denegación de servicio al entrar en bucles infinitos y consumir ciclos de CPU. • https://cert-portal.siemens.com/productcert/pdf/ssa-759952.pdf • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2022-34660
https://notcve.org/view.php?id=CVE-2022-34660
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.15), Teamcenter V13.0 (All versions < V13.0.0.10), Teamcenter V13.1 (All versions < V13.1.0.10), Teamcenter V13.2 (All versions < V13.2.0.9), Teamcenter V13.3 (All versions < V13.3.0.5), Teamcenter V14.0 (All versions < V14.0.0.2). File Server Cache service in Teamcenter consist of a functionality that is vulnerable to command injection. This could potentially allow an attacker to perform remote code execution. Se ha identificado una vulnerabilidad en Teamcenter V12.4 (Todas las versiones anteriores a V12.4.0.15), Teamcenter V13.0 (Todas las versiones anteriores a V13.0.0.10), Teamcenter V13.1 (Todas las versiones anteriores a V13.1.0.10), Teamcenter V13.2 (Todas las versiones anteriores a V13.2.0.9), Teamcenter V13.3 (Todas las versiones anteriores a V13.3.0.5), Teamcenter V14.0 (Todas las versiones anteriores a V14.0.0.2). El servicio File Server Cache en Teamcenter consiste en una funcionalidad que es vulnerable a una inyección de comandos. • https://cert-portal.siemens.com/productcert/pdf/ssa-759952.pdf • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2022-31619
https://notcve.org/view.php?id=CVE-2022-31619
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9), Teamcenter V13.1 (All versions < V13.1.0.9), Teamcenter V13.2 (All versions < V13.2.0.9), Teamcenter V13.3 (All versions < V13.3.0.3), Teamcenter V14.0 (All versions < V14.0.0.2). Java EE Server Manager HTML Adaptor in Teamcenter consists of default hardcoded credentials. Access to the application allows a user to perform a series of actions that could potentially lead to remote code execution with elevated permissions. Se ha identificado una vulnerabilidad en Teamcenter V12.4 (Todas las versiones anteriores a V12.4.0.13), Teamcenter V13.0 (Todas las versiones anteriores a V13.0.0.9), Teamcenter V13.1 (Todas las versiones anteriores a V13.1.0.9), Teamcenter V13.2 (Todas las versiones anteriores a V13.2.0.9), Teamcenter V13.3 (Todas las versiones anteriores a V13.3.0.3), Teamcenter V14.0 (Todas las versiones anteriores a V14.0.0.2). El adaptador HTML de Java EE Server Manager en Teamcenter consta de credenciales predeterminadas codificadas. • https://cert-portal.siemens.com/productcert/pdf/ssa-220589.pdf • CWE-798: Use of Hard-coded Credentials •
CVE-2022-29801
https://notcve.org/view.php?id=CVE-2022-29801
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem. Se ha identificado una vulnerabilidad en Teamcenter V12.4 (Todas las versiones anteriores a V12.4.0.13), Teamcenter V13.0 (Todas las versiones anteriores a V13.0.0.9). La aplicación contiene una vulnerabilidad de inyección de entidades externas XML (XXE). • https://cert-portal.siemens.com/productcert/pdf/ssa-789162.pdf • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2022-24290
https://notcve.org/view.php?id=CVE-2022-24290
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9), Teamcenter V13.1 (All versions), Teamcenter V13.2 (All versions < V13.2.0.8), Teamcenter V13.3 (All versions < V13.3.0.3), Teamcenter V14.0 (All versions < V14.0.0.2). The tcserver.exe binary in affected applications is vulnerable to a stack overflow condition during the parsing of user input that may lead the binary to crash. Se ha identificado una vulnerabilidad en Teamcenter V12.4 (Todas las versiones anteriores a V12.4.0.13), Teamcenter V13.0 (Todas las versiones anteriores a V13.0.0.9), Teamcenter V13.1 (Todas las versiones), Teamcenter V13.2 (Todas las versiones anteriores a V13.2.0.8), Teamcenter V13.3 (Todas las versiones anteriores a V13.3.0.3), Teamcenter V14.0 (Todas las versiones anteriores a V14.0.0.2). El binario tcserver.exe de las aplicaciones afectadas es vulnerable a una condición de desbordamiento de pila durante el análisis de la entrada del usuario que puede hacer que el binario se bloquee • https://cert-portal.siemens.com/productcert/pdf/ssa-789162.pdf • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •