ID

VAR-202109-1704


CVE

CVE-2021-40354


TITLE

Privilege management vulnerability in Teamcenter

Trust: 0.8

sources: JVNDB: JVNDB-2021-012313

DESCRIPTION

A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All versions < 13.2.0.2). The "surrogate" functionality on the user profile of the application does not perform sufficient access control, which could lead to an account takeover. Any profile on the application can perform this attack and access any other user's assigned tasks via the "inbox/surrogate tasks". Teamcenter contains a permission management vulnerability. Information may be obtained and information may be tampered with. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements.

Trust: 2.25

sources: NVD: CVE-2021-40354 // JVNDB: JVNDB-2021-012313 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2021-40354

AFFECTED PRODUCTS

vendor: siemens, model: teamcenter visualization, scope: lt, version: 13.2.0.2

Trust: 1.0

vendor: siemens, model: teamcenter visualization, scope: lt, version: 12.4.0.8

Trust: 1.0

vendor: siemens, model: teamcenter visualization, scope: lt, version: 13.0.0.7

Trust: 1.0

vendor: siemens, model: teamcenter visualization, scope: gte, version: 13.0.0

Trust: 1.0

vendor: siemens, model: teamcenter visualization, scope: gte, version: 13.1.0

Trust: 1.0

vendor: siemens, model: teamcenter visualization, scope: gte, version: 13.2.0

Trust: 1.0

vendor: siemens, model: teamcenter visualization, scope: gte, version: 12.4.0

Trust: 1.0

vendor: siemens, model: teamcenter visualization, scope: lt, version: 13.1.0.5

Trust: 1.0

vendor: Siemens, model: teamcenter visualization, scope: eq, version: 13.0 that's all 13.0.0.7

Trust: 0.8

vendor: Siemens, model: teamcenter visualization, scope: eq, version: -

Trust: 0.8

vendor: Siemens, model: teamcenter visualization, scope: eq, version: 12.4 that's all 12.4.0.8

Trust: 0.8

vendor: Siemens, model: teamcenter visualization, scope: eq, version: 13.1 that's all 13.1.0.5

Trust: 0.8

vendor: Siemens, model: teamcenter visualization, scope: eq, version: 13.2 that's all 13.2.0.2

Trust: 0.8

sources: JVNDB: JVNDB-2021-012313 // NVD: CVE-2021-40354

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2021-40354
value: HIGH

Trust: 1.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202109-967
value: HIGH

Trust: 0.6

VULMON: CVE-2021-40354
value: MEDIUM

Trust: 0.1

NVD:
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2021-40354
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.9

NVD:
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 4.2
version: 3.1

Trust: 1.0

NVD: CVE-2021-40354
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2021-40354 // JVNDB: JVNDB-2021-012313 // NVD: CVE-2021-40354 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-967

PROBLEMTYPE DATA

problemtype:CWE-269

Trust: 1.0

problemtype: Improper authority management (CWE-269) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-012313 // NVD: CVE-2021-40354

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202109-967

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

CONFIGURATIONS

sources: NVD: CVE-2021-40354

PATCH

title: SSA-987403, url: https://cert-portal.siemens.com/productcert/pdf/ssa-987403.pdf

Trust: 0.8

title: Siemens Teamcenter Fixes for permissions and access control issues vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=163045

Trust: 0.6

sources: JVNDB: JVNDB-2021-012313 // CNNVD: CNNVD-202109-967

EXTERNAL IDS

db: NVD, id: CVE-2021-40354

Trust: 3.3

db: SIEMENS, id: SSA-987403

Trust: 1.7

db: JVNDB, id: JVNDB-2021-012313

Trust: 0.8

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: CS-HELP, id: SB2021091705

Trust: 0.6

db: CNNVD, id: CNNVD-202109-967

Trust: 0.6

db: VULMON, id: CVE-2021-40354

Trust: 0.1

sources: VULMON: CVE-2021-40354 // JVNDB: JVNDB-2021-012313 // NVD: CVE-2021-40354 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-967

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-987403.pdf

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-40354

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021091705

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/269.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2021-40354 // JVNDB: JVNDB-2021-012313 // NVD: CVE-2021-40354 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-967

SOURCES

db: VULMON, id: CVE-2021-40354
db: JVNDB, id: JVNDB-2021-012313
db: NVD, id: CVE-2021-40354
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202109-967

LAST UPDATE DATE

2023-12-18T10:49:38.960000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2021-40354, date: 2021-09-28T00:00:00
db: JVNDB, id: JVNDB-2021-012313, date: 2022-08-29T08:00:00
db: NVD, id: CVE-2021-40354, date: 2022-08-12T17:49:31.817
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202109-967, date: 2021-09-29T00:00:00

SOURCES RELEASE DATE

db: VULMON, id: CVE-2021-40354, date: 2021-09-14T00:00:00
db: JVNDB, id: JVNDB-2021-012313, date: 2022-08-29T00:00:00
db: NVD, id: CVE-2021-40354, date: 2021-09-14T11:15:26.667
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202109-967, date: 2021-09-14T00:00:00