First published: Tue Dec 14 2021(Updated: )
A vulnerability has been identified in Teamcenter Active Workspace V4.3 (All versions < V4.3.11), Teamcenter Active Workspace V5.0 (All versions < V5.0.10), Teamcenter Active Workspace V5.1 (All versions < V5.1.6), Teamcenter Active Workspace V5.2 (All versions < V5.2.3). The application contains an unsafe unzipping pattern that could lead to a zip path traversal attack. This could allow and attacker to execute a remote shell with admin rights.
Credit: productcert@siemens.com
Affected Software | Affected Version | How to fix |
---|---|---|
Siemens Teamcenter Active Workspace | >=4.3<4.3.11 | |
Siemens Teamcenter Active Workspace | >=5.0<5.0.10 | |
Siemens Teamcenter Active Workspace | >=5.1<5.1.6 | |
Siemens Teamcenter Active Workspace | >=5.2<5.2.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2021-41547.
The vulnerability affects Siemens Teamcenter Active Workspace versions 4.3 (all versions before 4.3.11), 5.0 (all versions before 5.0.10), 5.1 (all versions before 5.1.6), and 5.2 (all versions before 5.2.3).
The severity rating of this vulnerability is high, with a score of 7.2.
The Common Weakness Enumeration (CWE) ID for this vulnerability is CWE-22.
To fix this vulnerability, you should update Teamcenter Active Workspace to version 4.3.11, 5.0.10, 5.1.6, or 5.2.3.