Vulnerabilities for Teamcenter active workspace (...) - CXSECURITY.COM

Vulnerabilities for 'Teamcenter active workspace'

2022-06-14

CVE-2022-32145

CWE-79

A vulnerability has been identified in Teamcenter Active Workspace V5.2 (All versions < V5.2.9), Teamcenter Active Workspace V6.0 (All versions < V6.0.3). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious code by tricking users into accessing a malicious link.

2021-12-14

CVE-2021-41547

CWE-22

A vulnerability has been identified in Teamcenter Active Workspace V4.3 (All versions < V4.3.11), Teamcenter Active Workspace V5.0 (All versions < V5.0.10), Teamcenter Active Workspace V5.1 (All versions < V5.1.6), Teamcenter Active Workspace V5.2 (All versions < V5.2.3). The application contains an unsafe unzipping pattern that could lead to a zip path traversal attack. This could allow and attacker to execute a remote shell with admin rights.

2021-07-13

CVE-2021-33709

CWE-200

A vulnerability has been identified in Teamcenter Active Workspace V4 (All versions < V4.3.9), Teamcenter Active Workspace V5.0 (All versions < V5.0.7), Teamcenter Active Workspace V5.1 (All versions < V5.1.4). By sending malformed requests, a remote attacker could leak an application token due to an error not properly handled by the system.

CVE-2021-33710

CWE-79

A vulnerability has been identified in Teamcenter Active Workspace V4 (All versions < V4.3.9), Teamcenter Active Workspace V5.0 (All versions < V5.0.7), Teamcenter Active Workspace V5.1 (All versions < V5.1.4). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected devices that could allow an attacker to execute malicious JavaScript code by tricking users into accessing a malicious link.

CVE-2021-33711

CWE-209

A vulnerability has been identified in Teamcenter Active Workspace V4 (All versions < V4.3.9), Teamcenter Active Workspace V5.0 (All versions < V5.0.7), Teamcenter Active Workspace V5.1 (All versions < V5.1.4). The affected application allows verbose error messages which allow leaking of sensitive information, such as full paths.

>>> Vendor: Siemens 653 Products

Speedstream wireless router

Gigaset se361 wlan router

Speedstream 6520

Speedstream 5200

Gigaset wlan camera

Gigaset c450 ip

Gigaset c475 ip

Gigaset se461 wimax router

Simatic wincc flexible runtime

Simatic wincc runtime

Tecnomatix factorylink

Simatic hmi panels

Wincc flexible runtime

Wincc runtime advanced

Automation license manager

Scalance s firmware

Scalance x-300 firmware

Scalance x-300eec firmware

Scalance x308-2m firmware

Scalance x414-3e firmware

Scalance xr-300 firmware

Scalance x-300eec

Scalance x308-2m

Scalance x414-3e

Scalance xr-300

Simatic s7-400 cpu 412-2 pn

Simatic s7-400 cpu 414-3 pn/dp

Simatic s7-400 cpu 414f-3 pn/dp

Simatic s7-400 cpu 416-3 pn/dp

Simatic s7-400 cpu 416f-3 pn/dp

Simatic s7-400 cpu firmware

Synco ozw web server

Synco ozw web server firmware

Simatic s7-1200 plc

Sipass integrated

Simatic rf-manager

Simatic rf-manager 2008

Wincc tia portal

Scalance x204irt

Scalance x202-2irt

Scalance x202-2p irt

Scalance x201-3p irt

Scalance x200-4p irt

Scalance xf204irt

Scalance x200irt firmware

Openscape session border controller

Enterprise openscape branch

Scalance w744-1

Scalance w744-1pro

Scalance w746-1

Scalance w746-1pro

Scalance w747-1

Scalance w747-1rr

Scalance w784-1

Scalance w784-1rr

Scalance w786-1pro

Scalance w786-2pro

Scalance w786-2rr

Scalance w786-3pro

Scalance w788-1pro

Scalance w788-1rr

Scalance w788-2pro

Scalance w788-2rr

Scalance w700 series firmware

Scalance x-200rna

Scalance xf-200

Scalance x-200 series firmware

See all Products for Vendor Siemens

Copyright 2024, cxsecurity.com