Description
A vulnerability has been identified in Teamcenter V2312 (All versions < V2312.0014), Teamcenter V2406 (All versions < V2406.0012), Teamcenter V2412 (All versions < V2412.0009), Teamcenter V2506 (All versions < V2506.0005), Teamcenter V2512 (All versions). The affected application contains hardcoded key which is used for obfuscation stored directly into the application.
This could allow an attacker to obtain these keys and misuse them to gain unauthorized access.
Published: 2026-05-12
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises from the presence of a hard‑coded key within Siemens Teamcenter applications. This key is embedded in the application binary and can be extracted by an attacker who has read access to the binary or memory. With the key in hand, an attacker can potentially authenticate or manipulate data, granting unauthorized access to the system. The flaw is classified as an authentication weakness (CWE‑798) and is rated high severity with a CVSS of 8.7.

Affected Systems

Siemens Teamcenter versions V2312, V2406, V2412, V2506 and the entire V2512 series are impacted. Versions older than V2312.0014, V2406.0012, V2412.0009 and V2506.0005 contain the vulnerable implementation.

Risk and Exploitability

No EPSS score is available, but the CVSS of 8.7 indicates that exploitation could lead to unauthorized access or privilege escalation. The vulnerability is not listed in the CISA KEV catalog, suggesting that public exploits have not been observed yet. Based on the description, it is inferred that an attacker could extract the hard‑coded key from the application binary; remote exploitation would require code execution or privilege within the environment.

Generated by OpenCVE AI on May 12, 2026 at 10:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Siemens security update that removes the hard‑coded key as referenced in the advisory.
  • Enable multi‑factor authentication or other access controls for users interacting with Teamcenter.
  • Restrict network access to Teamcenter services to authorized IP addresses or apply firewall rules to limit exposure.

Generated by OpenCVE AI on May 12, 2026 at 10:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 12 May 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 12 May 2026 11:15:00 +0000

Type Values Removed Values Added
Title Hardcoded Key Vulnerability in Siemens Teamcenter Enabling Unauthorized Access

Tue, 12 May 2026 09:30:00 +0000

Type Values Removed Values Added
Description A vulnerability has been identified in Teamcenter V2312 (All versions < V2312.0014), Teamcenter V2406 (All versions < V2406.0012), Teamcenter V2412 (All versions < V2412.0009), Teamcenter V2506 (All versions < V2506.0005), Teamcenter V2512 (All versions). The affected application contains hardcoded key which is used for obfuscation stored directly into the application. This could allow an attacker to obtain these keys and misuse them to gain unauthorized access.
Weaknesses CWE-798
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: siemens

Published:

Updated: 2026-05-12T13:25:42.831Z

Reserved: 2026-03-24T15:32:19.391Z

Link: CVE-2026-33893

cve-icon Vulnrichment

Updated: 2026-05-12T13:25:28.923Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-12T10:16:45.913

Modified: 2026-05-12T14:19:41.400

Link: CVE-2026-33893

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-12T11:00:07Z

Weaknesses