CVE-2026-33862 | THREATINT

Description

A vulnerability has been identified in Teamcenter V2312 (All versions < V2312.0014), Teamcenter V2406 (All versions < V2406.0012), Teamcenter V2412 (All versions < V2412.0009), Teamcenter V2506 (All versions < V2506.0005), Teamcenter V2512 (All versions). The affected application does not properly encode or filter user-supplied data. This could allow an attacker to inject malicious code that can be executed by other users when they visit the affected page.

PUBLISHED Reserved 2026-03-24 | Published 2026-05-12 | Updated 2026-05-13 | Assigner siemens

HIGH: 7.3CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

HIGH: 8.5CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

Default status

unknown

Any version before V2312.0014

affected

Default status

unknown

Any version before V2406.0012

affected

Default status

unknown

Any version before V2412.0009

affected

Default status

unknown

Any version before V2506.0005

affected

Default status

unknown

Any version before *

unaffected

References

cert-portal.siemens.com/productcert/html/ssa-827383.html

cve.org (CVE-2026-33862)

nvd.nist.gov (CVE-2026-33862)

Download JSON