Skip to main content

Siemens Teamcenter CVE-2026-33893

| EUVDEUVD-2026-29432 HIGH
Use of Hard-coded Credentials (CWE-798)
2026-05-12 siemens GHSA-6wgq-3rp2-w647
8.7
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

5
Analysis Updated
May 12, 2026 - 10:32 vuln.today
v2 (cvss_changed)
Re-analysis Queued
May 12, 2026 - 10:22 vuln.today
cvss_changed
CVSS changed
May 12, 2026 - 10:22 NVD
7.5 (HIGH) 8.7 (HIGH)
Analysis Generated
May 12, 2026 - 10:04 vuln.today
CVE Published
May 12, 2026 - 08:21 nvd
HIGH 7.5

DescriptionCVE.org

A vulnerability has been identified in Teamcenter V2312 (All versions < V2312.0014), Teamcenter V2406 (All versions < V2406.0012), Teamcenter V2412 (All versions < V2412.0009), Teamcenter V2506 (All versions < V2506.0005), Teamcenter V2512 (All versions). The affected application contains hardcoded key which is used for obfuscation stored directly into the application. This could allow an attacker to obtain these keys and misuse them to gain unauthorized access.

AnalysisAI

Hardcoded cryptographic keys in Siemens Teamcenter PLM software enable remote attackers to bypass authentication and gain unauthorized access to confidential product lifecycle management data. The vulnerability affects multiple Teamcenter versions (V2312, V2406, V2412, V2506, V2512) and is remotely exploitable without authentication (CVSS:4.0 AV:N/AC:L/PR:N). While no active exploitation or public POC has been identified at time of analysis, the straightforward nature of hardcoded credential extraction (AC:L) combined with the criticality of Teamcenter as an enterprise PLM platform housing intellectual property makes this a high-priority remediation target for manufacturing and engineering organizations.

Technical ContextAI

Teamcenter is Siemens' flagship Product Lifecycle Management (PLM) platform used globally in manufacturing, aerospace, automotive, and engineering sectors to manage sensitive product data, CAD files, bills of materials, and supply chain information. This vulnerability stems from CWE-798 (Use of Hard-coded Credentials), where cryptographic keys used for obfuscation are embedded directly in the application binaries rather than being securely generated, stored, and rotated. The CVSS:4.0 vector indicates network-accessible exploitation (AV:N) with low attack complexity (AC:L) and no required privileges (PR:N), targeting high confidentiality impact (VC:H) while integrity and availability remain unaffected. Hardcoded keys are typically extractable through reverse engineering of application binaries, configuration files, or decompiled code, allowing attackers to decrypt obfuscated data, forge authentication tokens, or impersonate legitimate system components. The vulnerability spans five major version branches (V2312, V2406, V2412, V2506, V2512) per CPE data, suggesting the hardcoded key issue is systemic across recent Teamcenter releases.

RemediationAI

Upgrade to vendor-released patched versions: Teamcenter V2312.0014 or later, V2406.0012 or later, V2412.0009 or later, V2506.0005 or later. For Teamcenter V2512, consult Siemens ProductCERT advisory SSA-827383 for the specific patched release as fix version was not provided in analyzed data (https://cert-portal.siemens.com/productcert/html/ssa-827383.html). During patch deployment windows, implement network-level compensating controls: restrict Teamcenter access to authenticated VPN connections only, deploy web application firewall rules to detect anomalous authentication patterns (multiple failed attempts from single source, successful authentications without corresponding user activity logs), and enable enhanced audit logging for all authentication events to detect potential key misuse. Note that these mitigations do not prevent exploitation by attackers who have already extracted the hardcoded keys, so patching should be prioritized over prolonged reliance on compensating controls. After patching, rotate all authentication credentials and review access logs for the 90-day period preceding patch application to identify potential historical compromise.

Share

CVE-2026-33893 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy