Description
A vulnerability has been identified in COMOS V10.4.5 (All versions < V10.4.5.0.2), COMOS V10.6 (All versions < V10.6.1), Designcenter NX (All versions < V2512.7000), Simcenter 3D (All versions < V2512.7000), Simcenter Femap V2506 (All versions < V2506.0003), Simcenter Femap V2512 (All versions < V2512.0002), Simcenter Nastran (All versions < V2606), Simcenter STAR-CCM+ (All versions < V2606), Solid Edge SE2025 (All versions < V225.0 Update 13), Solid Edge SE2026 (All versions < V226.0 Update 04), Teamcenter Visualization V2412 (All versions < V2412.0012), Teamcenter Visualization V2506 (All versions < V2506.0009), Teamcenter Visualization V2512 (All versions < V2512.2605), Tecnomatix Plant Simulation V2404 (All versions < V2404.0022), Tecnomatix Plant Simulation V2504 (All versions < V2504.0010), Tecnomatix Process Simulate (All versions < V2606). Untrusted search path in IAM Client SDK may allow an authenticated user to potentially enable escalation of privilege via local access.
Problem types
CWE-426: Untrusted Search Path
Product status
Any version before V10.4.5.0.2
Any version before V10.6.1
Any version before V2512.7000
Any version before V2512.7000
Any version before V2506.0003
Any version before V2512.0002
Any version before V2606
Any version before V2606
Any version before V225.0 Update 13
Any version before V226.0 Update 04
Any version before V2412.0012
Any version before V2506.0009
Any version before V2512.2605
Any version before V2404.0022
Any version before V2504.0010
Any version before V2606
References
cert-portal.siemens.com/productcert/html/ssa-288252.html