Details of VAR-202109-1704

ID

VAR-202109-1704

CVE

CVE-2021-40354

TITLE

Teamcenter Vulnerability in privilege management in

Trust: 0.8

sources: JVNDB: JVNDB-2021-012313

DESCRIPTION

A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All versions < 13.2.0.2). The "surrogate" functionality on the user profile of the application does not perform sufficient access control that could lead to an account takeover. Any profile on the application can perform this attack and access any other user assigned tasks via the "inbox/surrogate tasks". Teamcenter Exists in a permission management vulnerability.Information may be obtained and information may be tampered with. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.25

sources: NVD: CVE-2021-40354 // JVNDB: JVNDB-2021-012313 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2021-40354

AFFECTED PRODUCTS

vendor:	siemens	model:	teamcenter visualization	scope:	lt	version:	13.2.0.2	Trust: 1.0
vendor:	siemens	model:	teamcenter visualization	scope:	lt	version:	12.4.0.8	Trust: 1.0
vendor:	siemens	model:	teamcenter visualization	scope:	lt	version:	13.0.0.7	Trust: 1.0
vendor:	siemens	model:	teamcenter visualization	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	siemens	model:	teamcenter visualization	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	siemens	model:	teamcenter visualization	scope:	gte	version:	13.2.0	Trust: 1.0
vendor:	siemens	model:	teamcenter visualization	scope:	gte	version:	12.4.0	Trust: 1.0
vendor:	siemens	model:	teamcenter visualization	scope:	lt	version:	13.1.0.5	Trust: 1.0
vendor:	シーメンス	model:	teamcenter visualization	scope:	eq	version:	13.0 that's all 13.0.0.7	Trust: 0.8
vendor:	シーメンス	model:	teamcenter visualization	scope:	eq	version:	-	Trust: 0.8
vendor:	シーメンス	model:	teamcenter visualization	scope:	eq	version:	12.4 that's all 12.4.0.8	Trust: 0.8
vendor:	シーメンス	model:	teamcenter visualization	scope:	eq	version:	13.1 that's all 13.1.0.5	Trust: 0.8
vendor:	シーメンス	model:	teamcenter visualization	scope:	eq	version:	13.2 that's all 13.2.0.2	Trust: 0.8

sources: JVNDB: JVNDB-2021-012313 // NVD: CVE-2021-40354

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2021-40354
value:	HIGH
Trust: 1.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202109-967
value:	HIGH
Trust: 0.6
VULMON:	CVE-2021-40354
value:	MEDIUM
Trust: 0.1

NVD:
severity:	MEDIUM
baseScore:	5.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	4.9
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0
NVD:	CVE-2021-40354
severity:	MEDIUM
baseScore:	5.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.9

NVD:
baseSeverity:	HIGH
baseScore:	7.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	4.2
version:	3.1
Trust: 1.0
NVD:	CVE-2021-40354
baseSeverity:	HIGH
baseScore:	7.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2021-40354 // JVNDB: JVNDB-2021-012313 // NVD: CVE-2021-40354 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-967

PROBLEMTYPE DATA

problemtype:	CWE-269	Trust: 1.0
problemtype:	Improper authority management (CWE-269) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-012313 // NVD: CVE-2021-40354

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202109-967

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

CONFIGURATIONS

sources: NVD: CVE-2021-40354

PATCH

title:	SSA-987403	url:	https://cert-portal.siemens.com/productcert/pdf/ssa-987403.pdf	Trust: 0.8
title:	Siemens Teamcenter Fixes for permissions and access control issues vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=163045	Trust: 0.6

sources: JVNDB: JVNDB-2021-012313 // CNNVD: CNNVD-202109-967

EXTERNAL IDS

db:	NVD	id:	CVE-2021-40354	Trust: 3.3
db:	SIEMENS	id:	SSA-987403	Trust: 1.7
db:	JVNDB	id:	JVNDB-2021-012313	Trust: 0.8
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021091705	Trust: 0.6
db:	CNNVD	id:	CNNVD-202109-967	Trust: 0.6
db:	VULMON	id:	CVE-2021-40354	Trust: 0.1

sources: VULMON: CVE-2021-40354 // JVNDB: JVNDB-2021-012313 // NVD: CVE-2021-40354 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-967

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-987403.pdf	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-40354	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021091705	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/269.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2021-40354 // JVNDB: JVNDB-2021-012313 // NVD: CVE-2021-40354 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-967

SOURCES

db:	VULMON	id:	CVE-2021-40354
db:	JVNDB	id:	JVNDB-2021-012313
db:	NVD	id:	CVE-2021-40354
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202109-967

LAST UPDATE DATE

2023-12-18T10:49:38.960000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-40354	date:	2021-09-28T00:00:00
db:	JVNDB	id:	JVNDB-2021-012313	date:	2022-08-29T08:00:00
db:	NVD	id:	CVE-2021-40354	date:	2022-08-12T17:49:31.817
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202109-967	date:	2021-09-29T00:00:00

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-40354	date:	2021-09-14T00:00:00
db:	JVNDB	id:	JVNDB-2021-012313	date:	2022-08-29T00:00:00
db:	NVD	id:	CVE-2021-40354	date:	2021-09-14T11:15:26.667
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202109-967	date:	2021-09-14T00:00:00