CVE-2021-40354
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All versions < 13.2.0.2). The "surrogate" functionality on the user profile of the application does not perform sufficient access control that could lead to an account takeover. Any profile on the application can perform this attack and access any other user assigned tasks via the "inbox/surrogate tasks".
Se ha identificado una vulnerabilidad en Teamcenter versión V12.4 (Todas las versiones anteriores a V12.4.0.8), Teamcenter versión V13.0 (Todas las versiones anteriores a V13.0.0.7), Teamcenter versión V13.1 (Todas las versiones anteriores a V13.1.0.5), Teamcenter versión V13.2 (Todas las versiones anteriores a 13.2.0.2). La funcionalidad "surrogate" en el perfil de usuario de la aplicación no lleva acabo un control de acceso suficiente que podría conllevar a una toma de posesión de la cuenta. Cualquier perfil de la aplicación puede llevar a cabo este ataque y acceder a cualquier otra tarea asignada por el usuario por medio de "inbox/surrogate tasks"
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-09-01 CVE Reserved
- 2021-09-14 CVE Published
- 2023-04-07 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-267: Privilege Defined With Unsafe Actions
- CWE-269: Improper Privilege Management
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-987403.pdf | 2022-08-12 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Siemens Search vendor "Siemens" | Teamcenter Visualization Search vendor "Siemens" for product "Teamcenter Visualization" | >= 12.4.0 < 12.4.0.8 Search vendor "Siemens" for product "Teamcenter Visualization" and version " >= 12.4.0 < 12.4.0.8" | - |
Affected
| ||||||
| Siemens Search vendor "Siemens" | Teamcenter Visualization Search vendor "Siemens" for product "Teamcenter Visualization" | >= 13.0.0 < 13.0.0.7 Search vendor "Siemens" for product "Teamcenter Visualization" and version " >= 13.0.0 < 13.0.0.7" | - |
Affected
| ||||||
| Siemens Search vendor "Siemens" | Teamcenter Visualization Search vendor "Siemens" for product "Teamcenter Visualization" | >= 13.1.0 < 13.1.0.5 Search vendor "Siemens" for product "Teamcenter Visualization" and version " >= 13.1.0 < 13.1.0.5" | - |
Affected
| ||||||
| Siemens Search vendor "Siemens" | Teamcenter Visualization Search vendor "Siemens" for product "Teamcenter Visualization" | >= 13.2.0 < 13.2.0.2 Search vendor "Siemens" for product "Teamcenter Visualization" and version " >= 13.2.0 < 13.2.0.2" | - |
Affected
| ||||||