{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/teamcenter-v2312/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-33893"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Teamcenter V2312","Teamcenter V2406","Teamcenter V2412","Teamcenter V2506","Teamcenter V2512"],"_cs_severities":["medium"],"_cs_tags":["cve","vulnerability","hardcoded-key","teamcenter"],"_cs_type":"advisory","_cs_vendors":["Siemens AG"],"content_html":"\u003cp\u003eA vulnerability, identified as CVE-2026-33893, affects Siemens Teamcenter. This vulnerability exists due to the presence of hardcoded keys used for obfuscation within the application code. An attacker who successfully obtains these keys could potentially misuse them to bypass security measures and gain unauthorized access to sensitive data or system functionalities. Affected versions include Teamcenter V2312 (all versions prior to V2312.0014), Teamcenter V2406 (all versions prior to V2406.0012), Teamcenter V2412 (all versions prior to V2412.0009), Teamcenter V2506 (all versions prior to V2506.0005), and Teamcenter V2512. This issue poses a significant risk to organizations relying on Teamcenter for product lifecycle management.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a vulnerable Teamcenter instance exposed over the network.\u003c/li\u003e\n\u003cli\u003eThe attacker reverse engineers the Teamcenter application binaries.\u003c/li\u003e\n\u003cli\u003eThe attacker locates the hardcoded key within the application\u0026rsquo;s code.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the hardcoded key to decrypt or deobfuscate sensitive data.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the decrypted data to bypass authentication or authorization controls.\u003c/li\u003e\n\u003cli\u003eThe attacker gains unauthorized access to Teamcenter functionalities and data.\u003c/li\u003e\n\u003cli\u003eThe attacker exfiltrates sensitive data or manipulates the system to achieve their objectives.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-33893 can lead to unauthorized access to sensitive product data, intellectual property, or control over Teamcenter functionalities. The impact includes potential data breaches, manipulation of product designs, and disruption of product lifecycle management processes. The severity is rated as high with a CVSS v3.1 score of 7.5, indicating a significant risk to confidentiality.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the patches provided by Siemens AG to upgrade Teamcenter to the fixed versions: V2312.0014, V2406.0012, V2412.0009, and V2506.0005 to remediate CVE-2026-33893.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for unusual access patterns to Teamcenter resources.\u003c/li\u003e\n\u003cli\u003eDeploy the following Sigma rule to detect processes attempting to access Teamcenter binaries to extract hardcoded keys.\u003c/li\u003e\n\u003cli\u003eReview Teamcenter access logs for unauthorized access attempts following patch application.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-12T10:24:22Z","date_published":"2026-05-12T10:24:22Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-33893-teamcenter-hardcoded-key/","summary":"CVE-2026-33893 describes a vulnerability in Siemens Teamcenter where hardcoded keys used for obfuscation are stored directly within the application, potentially allowing an attacker to obtain these keys and gain unauthorized access.","title":"Siemens Teamcenter Hardcoded Key Vulnerability (CVE-2026-33893)","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-33893-teamcenter-hardcoded-key/"},{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-33862"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Teamcenter V2312","Teamcenter V2406","Teamcenter V2412","Teamcenter V2506","Teamcenter V2512"],"_cs_severities":["medium"],"_cs_tags":["cve","xss","siemens","teamcenter"],"_cs_type":"advisory","_cs_vendors":["Siemens"],"content_html":"\u003cp\u003eA cross-site scripting (XSS) vulnerability, identified as CVE-2026-33862, affects multiple versions of Siemens Teamcenter. Specifically, Teamcenter V2312 (all versions before V2312.0014), Teamcenter V2406 (all versions before V2406.0012), Teamcenter V2412 (all versions before V2412.0009), Teamcenter V2506 (all versions before V2506.0005), and Teamcenter V2512 are impacted. The vulnerability stems from the application\u0026rsquo;s failure to properly encode or filter user-supplied data. This flaw allows a remote attacker to inject malicious scripts into the application that can then be executed by other users when they interact with the affected page, potentially leading to data theft, session hijacking, or other malicious activities. The vulnerability was reported on 2026-05-12.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious payload containing JavaScript code.\u003c/li\u003e\n\u003cli\u003eThe attacker injects the payload into a vulnerable Teamcenter input field, such as a comment, name, or description.\u003c/li\u003e\n\u003cli\u003eThe attacker submits the form or triggers the action that saves the malicious input to the Teamcenter database.\u003c/li\u003e\n\u003cli\u003eA legitimate user accesses the page or resource where the injected payload is displayed.\u003c/li\u003e\n\u003cli\u003eThe victim\u0026rsquo;s web browser executes the attacker-controlled JavaScript code within the context of the Teamcenter web application.\u003c/li\u003e\n\u003cli\u003eThe malicious script can then perform actions such as stealing the user\u0026rsquo;s session cookies, redirecting the user to a malicious website, or modifying the content of the page.\u003c/li\u003e\n\u003cli\u003eThe attacker can use the stolen session cookie to impersonate the user and gain unauthorized access to Teamcenter.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this XSS vulnerability (CVE-2026-33862) could lead to the execution of arbitrary JavaScript code in the context of other Teamcenter users\u0026rsquo; browsers. This can result in session hijacking, theft of sensitive information, defacement of the application, or redirection to malicious websites. Given the potential for unauthorized access and data manipulation, this vulnerability poses a significant risk to organizations using affected versions of Siemens Teamcenter.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to the latest versions of Teamcenter: V2312.0014, V2406.0012, V2412.0009, V2506.0005, or V2512 to remediate CVE-2026-33862 (see references).\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Suspicious Teamcenter URI Activity\u003c/code\u003e to identify potential exploitation attempts by monitoring for specific patterns in HTTP requests.\u003c/li\u003e\n\u003cli\u003eImplement input validation and output encoding mechanisms within the Teamcenter application to prevent XSS attacks.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-12T10:20:50Z","date_published":"2026-05-12T10:20:50Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-33862/","summary":"Siemens Teamcenter versions V2312 (before V2312.0014), V2406 (before V2406.0012), V2412 (before V2412.0009), V2506 (before V2506.0005), and V2512 are vulnerable to cross-site scripting (XSS) due to improper encoding or filtering of user-supplied data, potentially leading to arbitrary code execution by other users.","title":"Siemens Teamcenter Vulnerability CVE-2026-33862 - Cross-Site Scripting","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-33862/"}],"language":"en","title":"CraftedSignal Threat Feed — Teamcenter V2312","version":"https://jsonfeed.org/version/1.1"}