Which versions of Siemens Teamcenter are affected by CVE-2026-33893?

Siemens Teamcenter PLM contains hardcoded cryptographic keys that allow unauthenticated remote attackers to bypass authentication and access sensitive product lifecycle management data across…

Siemens Teamcenter CVE-2026-33893

Q: What is the CVSS score of CVE-2026-33893?

CVE-2026-33893 has a CVSS 4.0 base score of 8.7 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

Q: How to fix or mitigate CVE-2026-33893?

Within 24 hours: Inventory all Teamcenter deployments and document affected versions (V2312, V2406, V2412, V2506, V2512); escalate to Siemens support for emergency guidance and mitigations. Within 7 days: Implement network-level access controls to restrict Teamcenter connectivity to known authorized networks and disable remote access where possible; enable enhanced logging and alerting on authentication events. Within 30 days: Contact Siemens for available patches or workarounds; prepare for emergency patching or upgrade planning once vendor guidance is available; conduct forensic audit of access logs for unauthorized connection attempts.

EUVD-2026-29432 HIGH

Use of Hard-coded Credentials (CWE-798)

2026-05-12 siemens

GHSA-6wgq-3rp2-w647

Authentication Bypass

8.7

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Analysis Updated

May 12, 2026 - 10:32 vuln.today

v2 (cvss_changed)

Re-analysis Queued

May 12, 2026 - 10:22 vuln.today

cvss_changed

CVSS changed

May 12, 2026 - 10:22 NVD

7.5 (HIGH) 8.7 (HIGH)

Analysis Generated

May 12, 2026 - 10:04 vuln.today

CVE Published

May 12, 2026 - 08:21 nvd

HIGH 7.5

DescriptionNVD

A vulnerability has been identified in Teamcenter V2312 (All versions < V2312.0014), Teamcenter V2406 (All versions < V2406.0012), Teamcenter V2412 (All versions < V2412.0009), Teamcenter V2506 (All versions < V2506.0005), Teamcenter V2512 (All versions). The affected application contains hardcoded key which is used for obfuscation stored directly into the application. This could allow an attacker to obtain these keys and misuse them to gain unauthorized access.

AnalysisAI

Hardcoded cryptographic keys in Siemens Teamcenter PLM software enable remote attackers to bypass authentication and gain unauthorized access to confidential product lifecycle management data. The vulnerability affects multiple Teamcenter versions (V2312, V2406, V2412, V2506, V2512) and is remotely exploitable without authentication (CVSS:4.0 AV:N/AC:L/PR:N). …

RemediationAI

Within 24 hours: Inventory all Teamcenter deployments and document affected versions (V2312, V2406, V2412, V2506, V2512); escalate to Siemens support for emergency guidance and mitigations. Within 7 days: Implement network-level access controls to restrict Teamcenter connectivity to known authorized networks and disable remote access where possible; enable enhanced logging and alerting on authentication events. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-33893 vulnerability details – vuln.today

Back

Siemens Teamcenter CVE-2026-33893

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Siemens Teamcenter CVE-2026-33893

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code