Which versions of Siemens Teamcenter are affected by CVE-2026-33862?

Siemens Teamcenter versions V2312-V2512 contain a stored cross-site scripting vulnerability that allows authenticated users with low privileges to inject malicious code affecting other users'…

Siemens Teamcenter CVE-2026-33862

Q: What is the CVSS score of CVE-2026-33862?

CVE-2026-33862 has a CVSS 4.0 base score of 8.5 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

Q: How to fix or mitigate CVE-2026-33862?

Within 24 hours: Identify all Teamcenter deployments and determine installed versions (V2312-V2512). Within 7 days: Review vendor advisory for available patches and apply to non-production environments for testing; restrict low-privileged user account creation and review access controls. Within 30 days: Deploy vendor patches to all production Teamcenter instances across affected versions; conduct post-patch validation of functionality and security controls.

EUVD-2026-29430 HIGH

Cross-site Scripting (XSS) (CWE-79)

2026-05-12 siemens

GHSA-4pjx-495c-f5cg

XSS

8.5

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Scope

Lifecycle Timeline

Analysis Updated

May 12, 2026 - 10:33 vuln.today

v2 (cvss_changed)

Re-analysis Queued

May 12, 2026 - 10:22 vuln.today

cvss_changed

CVSS changed

May 12, 2026 - 10:22 NVD

7.3 (HIGH) 8.5 (HIGH)

Analysis Generated

May 12, 2026 - 10:03 vuln.today

CVE Published

May 12, 2026 - 08:21 nvd

HIGH 7.3

DescriptionNVD

A vulnerability has been identified in Teamcenter V2312 (All versions < V2312.0014), Teamcenter V2406 (All versions < V2406.0012), Teamcenter V2412 (All versions < V2412.0009), Teamcenter V2506 (All versions < V2506.0005), Teamcenter V2512 (All versions). The affected application does not properly encode or filter user-supplied data. This could allow an attacker to inject malicious code that can be executed by other users when they visit the affected page.

AnalysisAI

Stored cross-site scripting (XSS) in Siemens Teamcenter allows authenticated attackers with low privileges to inject malicious JavaScript that executes in other users' browser sessions, enabling session hijacking, credential theft, or unauthorized actions within the product lifecycle management platform. Affects Teamcenter versions V2312 through V2512 with vendor patches released for all branches. …

RemediationAI

Within 24 hours: Identify all Teamcenter deployments and determine installed versions (V2312-V2512). Within 7 days: Review vendor advisory for available patches and apply to non-production environments for testing; restrict low-privileged user account creation and review access controls. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-33862 vulnerability details – vuln.today

Back

Siemens Teamcenter CVE-2026-33862

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Siemens Teamcenter CVE-2026-33862

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code