Skip to main content

Teamcenter V2412

2 CVEs product

Monthly

CVE-2026-33893 HIGH CISA Act Now

Hardcoded cryptographic keys in Siemens Teamcenter PLM software enable remote attackers to bypass authentication and gain unauthorized access to confidential product lifecycle management data. The vulnerability affects multiple Teamcenter versions (V2312, V2406, V2412, V2506, V2512) and is remotely exploitable without authentication (CVSS:4.0 AV:N/AC:L/PR:N). While no active exploitation or public POC has been identified at time of analysis, the straightforward nature of hardcoded credential extraction (AC:L) combined with the criticality of Teamcenter as an enterprise PLM platform housing intellectual property makes this a high-priority remediation target for manufacturing and engineering organizations.

Authentication Bypass Teamcenter V2312 Teamcenter V2406 Teamcenter V2412 Teamcenter V2506 +1
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-33862 HIGH CISA Act Now

Stored cross-site scripting (XSS) in Siemens Teamcenter allows authenticated attackers with low privileges to inject malicious JavaScript that executes in other users' browser sessions, enabling session hijacking, credential theft, or unauthorized actions within the product lifecycle management platform. Affects Teamcenter versions V2312 through V2512 with vendor patches released for all branches. CVSS v4.0 scores 8.5 (High) due to network attack vector with low complexity, though exploitation requires user interaction and authenticated access. No public exploit code or CISA KEV listing identified at time of analysis.

XSS Teamcenter V2312 Teamcenter V2406 Teamcenter V2412 Teamcenter V2506 +1
NVD VulDB
CVSS 4.0
8.5
EPSS
0.0%
EPSS 0% CVSS 8.7
HIGH Act Now

Hardcoded cryptographic keys in Siemens Teamcenter PLM software enable remote attackers to bypass authentication and gain unauthorized access to confidential product lifecycle management data. The vulnerability affects multiple Teamcenter versions (V2312, V2406, V2412, V2506, V2512) and is remotely exploitable without authentication (CVSS:4.0 AV:N/AC:L/PR:N). While no active exploitation or public POC has been identified at time of analysis, the straightforward nature of hardcoded credential extraction (AC:L) combined with the criticality of Teamcenter as an enterprise PLM platform housing intellectual property makes this a high-priority remediation target for manufacturing and engineering organizations.

Authentication Bypass Teamcenter V2312 Teamcenter V2406 +3
NVD
EPSS 0% CVSS 8.5
HIGH Act Now

Stored cross-site scripting (XSS) in Siemens Teamcenter allows authenticated attackers with low privileges to inject malicious JavaScript that executes in other users' browser sessions, enabling session hijacking, credential theft, or unauthorized actions within the product lifecycle management platform. Affects Teamcenter versions V2312 through V2512 with vendor patches released for all branches. CVSS v4.0 scores 8.5 (High) due to network attack vector with low complexity, though exploitation requires user interaction and authenticated access. No public exploit code or CISA KEV listing identified at time of analysis.

XSS Teamcenter V2312 Teamcenter V2406 +3
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy