Vulnerability-Lookup

CNVD-2026-23465

Vulnerability from cnvd - Published: 2026-06-09

Title

Siemens Teamcenter跨站脚本漏洞

Description

Siemens Teamcenter是德国西门子（Siemens）公司的一套产品生命周期管理计算机软件应用程序。 Siemens Teamcenter存在跨站脚本漏洞，该漏洞是由于受影响的应用程序未能正确编码或过滤用户提供的数据，攻击者可利用该漏洞注入恶意代码。

Severity

中

Patch Name

Siemens Teamcenter跨站脚本漏洞的补丁

Patch Description

Siemens Teamcenter是德国西门子（Siemens）公司的一套产品生命周期管理计算机软件应用程序。 Siemens Teamcenter存在跨站脚本漏洞，该漏洞是由于受影响的应用程序未能正确编码或过滤用户提供的数据，攻击者可利用该漏洞注入恶意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://cert-portal.siemens.com/productcert/html/ssa-827383.html

Reference

https://nvd.nist.gov/vuln/detail/CVE-2026-33862

Impacted products

Name
['Siemens Teamcenter V2512', 'Siemens Teamcenter V2506 <V2506.0005', 'Siemens Teamcenter V2412 <V2412.0009', 'Siemens Teamcenter V2406 <V2406.0012', 'Siemens Teamcenter V2406 <V2406.0006', 'Siemens Teamcenter V2312 <V2312.0014', 'Siemens Teamcenter V2312 <V2312.0009']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2026-33862",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2026-33862"
    }
  },
  "description": "Siemens Teamcenter\u662f\u5fb7\u56fd\u897f\u95e8\u5b50\uff08Siemens\uff09\u516c\u53f8\u7684\u4e00\u5957\u4ea7\u54c1\u751f\u547d\u5468\u671f\u7ba1\u7406\u8ba1\u7b97\u673a\u8f6f\u4ef6\u5e94\u7528\u7a0b\u5e8f\u3002\n\nSiemens Teamcenter\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8e\u53d7\u5f71\u54cd\u7684\u5e94\u7528\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7f16\u7801\u6216\u8fc7\u6ee4\u7528\u6237\u63d0\u4f9b\u7684\u6570\u636e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u6076\u610f\u4ee3\u7801\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://cert-portal.siemens.com/productcert/html/ssa-827383.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2026-23465",
  "openTime": "2026-06-09",
  "patchDescription": "Siemens Teamcenter\u662f\u5fb7\u56fd\u897f\u95e8\u5b50\uff08Siemens\uff09\u516c\u53f8\u7684\u4e00\u5957\u4ea7\u54c1\u751f\u547d\u5468\u671f\u7ba1\u7406\u8ba1\u7b97\u673a\u8f6f\u4ef6\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\nSiemens Teamcenter\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8e\u53d7\u5f71\u54cd\u7684\u5e94\u7528\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7f16\u7801\u6216\u8fc7\u6ee4\u7528\u6237\u63d0\u4f9b\u7684\u6570\u636e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u6076\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Siemens Teamcenter\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Siemens Teamcenter V2512",
      "Siemens Teamcenter V2506 \u003cV2506.0005",
      "Siemens Teamcenter V2412 \u003cV2412.0009",
      "Siemens Teamcenter V2406 \u003cV2406.0012",
      "Siemens Teamcenter V2406 \u003cV2406.0006",
      "Siemens Teamcenter V2312 \u003cV2312.0014",
      "Siemens Teamcenter V2312 \u003cV2312.0009"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2026-33862",
  "serverity": "\u4e2d",
  "submitTime": "2026-05-20",
  "title": "Siemens Teamcenter\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e"
}

CVE-2026-33862 (GCVE-0-2026-33862)

Vulnerability from cvelistv5 – Published: 2026-05-12 08:21 – Updated: 2026-05-13 01:48

Summary

A vulnerability has been identified in Teamcenter V2312 (All versions < V2312.0014), Teamcenter V2406 (All versions < V2406.0012), Teamcenter V2412 (All versions < V2412.0009), Teamcenter V2506 (All versions < V2506.0005), Teamcenter V2512 (All versions). The affected application does not properly encode or filter user-supplied data. This could allow an attacker to inject malicious code that can be executed by other users when they visit the affected page.

Severity

7.3 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

8.5 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

siemens

References

1 reference

URL	Tags
https://cert-portal.siemens.com/productcert/html/…

Impacted products

5 products

Vendor	Product	Version
Siemens	Teamcenter V2312	Affected: 0 , < V2312.0014 (custom)
Siemens	Teamcenter V2406	Affected: 0 , < V2406.0012 (custom)
Siemens	Teamcenter V2412	Affected: 0 , < V2412.0009 (custom)
Siemens	Teamcenter V2506	Affected: 0 , < V2506.0005 (custom)
Siemens	Teamcenter V2512	Unaffected: 0 , < * (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-33862",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-13T01:41:31.594862Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-13T01:48:31.646Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Teamcenter V2312",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2312.0014",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Teamcenter V2406",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2406.0012",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Teamcenter V2412",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2412.0009",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Teamcenter V2506",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2506.0005",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Teamcenter V2512",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in Teamcenter V2312 (All versions \u003c V2312.0014), Teamcenter V2406 (All versions \u003c V2406.0012), Teamcenter V2412 (All versions \u003c V2412.0009), Teamcenter V2506 (All versions \u003c V2506.0005), Teamcenter V2512 (All versions). The affected application does not properly encode or filter user-supplied data. This could allow an attacker to inject malicious code that can be executed by other users when they visit the affected page."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV4_0": {
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-12T08:21:14.646Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-827383.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2026-33862",
    "datePublished": "2026-05-12T08:21:14.646Z",
    "dateReserved": "2026-03-24T12:34:25.562Z",
    "dateUpdated": "2026-05-13T01:48:31.646Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2026-23465

CVE-2026-33862 (GCVE-0-2026-33862)

Tags

Sightings

Nomenclature