Description
A vulnerability has been identified in Teamcenter V2312 (All versions < V2312.0014), Teamcenter V2406 (All versions < V2406.0012), Teamcenter V2412 (All versions < V2412.0009), Teamcenter V2506 (All versions < V2506.0005), Teamcenter V2512 (All versions). The affected application does not properly encode or filter user-supplied data. This could allow an attacker to inject malicious code that can be executed by other users when they visit the affected page.
Published: 2026-05-12
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A cross‑site scripting flaw exists in Siemens Teamcenter, caused by a lack of proper encoding or filtering of user‑supplied data. This flaw permits an attacker to embed malicious script in a page that is then executed by any other user who visits that page, potentially impacting confidentiality, integrity, or availability. The depth of the impact is not detailed in the CVE but is inferred from typical XSS outcomes. The weakness is a classic output‑encoding issue (CWE‑79).

Affected Systems

Siemens Teamcenter products are affected: V2312 (all versions prior to 2312.0014), V2406 (prior to 2406.0012), V2412 (prior to 2412.0009), V2506 (prior to 2506.0005), and all releases of V2512. All of these versions lack proper input validation that would prevent malicious script injection.

Risk and Exploitability

The vulnerability carries a CVSS score of 8.5, indicating a high‑severity risk. The EPSS score is not available, so the exact exploitation probability cannot be quantified. Exploitation would require an attacker to manipulate input data that the application reflects without filtering, allowing the victim’s browser to execute injected code. The vulnerability is not currently listed in the CISA KEV catalog, but the high severity and widespread deployment make it a prime target for attackers. The attack vector likely involves a web application wherein a user can submit data that is subsequently displayed to other users.

Generated by OpenCVE AI on May 12, 2026 at 10:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Siemens Teamcenter patch or upgrade to a fixed version for earlier releases (e.g., 2312.0014 or later, 2406.0012 or later, 2412.0009 or later, or 2506.0005 or later). Current V2512 releases remain vulnerable until an official patch is released.
  • After patching or upgrading, perform functional testing to ensure that malicious script does not execute when user input is displayed.
  • Deploy a temporary security measure such as a web application firewall rule or a strict Content Security Policy header that blocks inline script execution on the affected pages until the patch is verified.


Advisories

No advisories yet.

History

Wed, 13 May 2026 02:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 12 May 2026 09:30:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability has been identified in Teamcenter V2312 (All versions < V2312.0014), Teamcenter V2406 (All versions < V2406.0012), Teamcenter V2412 (All versions < V2412.0009), Teamcenter V2506 (All versions < V2506.0005), Teamcenter V2512 (All versions). The affected application does not properly encode or filter user-supplied data. This could allow an attacker to inject malicious code that can be executed by other users when they visit the affected page.
Weaknesses | | CWE-79
References | |
Metrics | | cvssV3_1 {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N'}
Metrics | | cvssV4_0 {'score': 8.5, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: siemens

Published:

Updated: 2026-05-13T01:48:31.646Z

Reserved: 2026-03-24T12:34:25.562Z

Link: CVE-2026-33862

Vulnrichment

Updated: 2026-05-13T01:46:49.363Z

NVD

Status: Awaiting Analysis

Published: 2026-05-12T10:16:45.773

Modified: 2026-05-12T14:19:41.400

Link: CVE-2026-33862

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-12T11:00:07Z
