Full Report
The SSO login service in Teamcenter contains an open redirect vulnerability that could allow an attacker to send a legitimate user to an attacker-chosen URL and steal valid session data. Siemens has released fixed versions for the affected products and recommends updating to the latest versions.
Analysis Summary
# Vulnerability: Open Redirect in Teamcenter SSO Login Service
## CVE Details
- **CVE ID:** CVE-2025-23363
- **CVSS Score:** 7.4 (High) - CVSS v3.1 / 6.1 (Medium) - CVSS v4.0
- **CWE:** CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
## Affected Systems
- **Products:** Siemens Teamcenter
- **Versions:**
  - Teamcenter V14.1 (All versions)
  - Teamcenter V14.2 (All versions)
  - Teamcenter V14.3 (Versions < V14.3.0.14)
  - Teamcenter V2312 (Versions < V2312.0010)
  - Teamcenter V2406 (Versions < V2406.0008)
  - Teamcenter V2412 (Versions < V2412.0004)
- **Configurations:** Systems utilizing the SSO login service.
## Vulnerability Description
The Teamcenter SSO login service does not properly validate the user-controlled input that specifies where to send the browser after login. An attacker can craft a link to the legitimate SSO endpoint whose redirect target points to an external, attacker-controlled site; because the link begins with the trusted Teamcenter host, it is well suited to phishing, and a user who follows it is redirected to the attacker's site, where valid session data exchanged during the login handshake can be intercepted.
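The following is an added example, not Teamcenter code and not from the Siemens advisory. It contrasts the kind of naive redirect-target check that produces an open redirect with a hardened check, and exercises the bypass shapes a tester would try against a redirect parameter: a protocol-relative `//host` target, a backslash variant that browsers normalise to `//`, a userinfo trick (`https://trusted@evil`), a look-alike suffix domain, and a non-HTTP scheme. The host allowlist and the parameter values are assumptions for illustration.

```python
"""Open-redirect validation for an SSO "return to" parameter (added example).

ALLOWED_HOSTS is an assumed allowlist of hosts the SSO service may send a user
back to; substitute the real Teamcenter hostnames in a deployment.
"""
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"teamcenter.corp.example", "sso.corp.example"}  # assumption


def vulnerable_is_safe(target: str) -> bool:
    """Naive check of the kind that yields an open redirect.

    A prefix/substring test on the raw string accepts "//evil.net/" (it starts
    with "/") and "https://teamcenter.corp.example.evil.net/" (it contains the
    corporate domain).
    """
    return target.startswith("/") or "corp.example" in target


def hardened_is_safe(target: str) -> bool:
    """Accept only a same-origin absolute path or an https URL whose host is
    exactly in ALLOWED_HOSTS."""
    if target == "":
        return False
    # Control characters and backslashes are never legitimate here; browsers
    # treat "/\\evil.net" like "//evil.net", so reject rather than normalise.
    if "\\" in target or any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return False
    try:
        parts = urlsplit(target)
    except ValueError:          # e.g. malformed IPv6 brackets in the host
        return False
    if parts.scheme == "" and parts.netloc == "":
        # Relative target. urlsplit moves "//host" into netloc, so anything
        # left here is a path; still require a single leading slash.
        return target.startswith("/") and not target.startswith("//")
    if parts.scheme != "https":  # urlsplit lowercases the scheme
        return False
    # Userinfo is a classic trick: "https://teamcenter.corp.example@evil.net/"
    # has hostname "evil.net". Reject any userinfo outright.
    if parts.username is not None or parts.password is not None:
        return False
    # .hostname is lowercased and excludes the port; exact match, no suffix test.
    return parts.hostname in ALLOWED_HOSTS


# Constructed probe values of the kind used when testing a redirect parameter.
SAMPLE_TARGETS = [
    "/app/home",
    "https://teamcenter.corp.example/app",
    "//evil.net/",
    "/\\evil.net/",
    "https://teamcenter.corp.example@evil.net/",
    "https://teamcenter.corp.example.evil.net/",
    "javascript:alert(1)",
]


def evaluate(targets=SAMPLE_TARGETS):
    """Return {target: (vulnerable_verdict, hardened_verdict)} for each probe."""
    return {t: (vulnerable_is_safe(t), hardened_is_safe(t)) for t in targets}


if __name__ == "__main__":
    for target, (naive, hardened) in evaluate().items():
        print(f"{target!r:50} naive={naive!s:5} hardened={hardened}")
```

Only the first two probes survive the hardened check; every other entry is accepted by the naive check and rejected by the hardened one. The exact-host comparison is the important design choice: any suffix, prefix or substring match on the hostname reopens the redirect.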
## Exploitation
- **Status:** The advisory reports no exploitation in the wild and references no public proof of concept.
- **Complexity:** Low
- **Attack Vector:** Network
- **User Interaction:** Required (Legitimate user must click an attacker-crafted link).
## Impact
- **Confidentiality:** High (Potential theft of session tokens/credentials).
- **Integrity:** None (CVSS v3.1) / Low (CVSS v4.0).
- **Availability:** None.
## Remediation
### Patches
Siemens recommends updating to the following versions or applying specified hotfixes:
- **Teamcenter V14.1 & V14.2:** All versions are affected; apply the hotfix described in Software Field Bulletin PL8837639.
- **Teamcenter V14.3:** Update to V14.3.0.14 or later.
- **Teamcenter V2312:** Update to V2312.0010 or later.
- **Teamcenter V2406:** Update to V2406.0008 or later.
- **Teamcenter V2412:** Update to V2412.0004 or later.
### Workarounds
- Users should not follow links to the SSO login service that arrive from untrusted or suspicious sources. This is a user-awareness control only; it does not close the flaw, so it should bridge the gap until the patch or hotfix is applied.
- Follow Siemens' operational guidelines for Industrial Security to protect network access to the affected systems.
## Detection
- **Indicators of Compromise:** Requests to the SSO login service whose redirect parameter names an external host, including the protocol-relative (`//host`) and userinfo (`https://trusted-host@external-host`) forms, and the corresponding redirect responses from the login service pointing to external or unknown domains.
- **Detection Methods:** Standard access logs do not record the response `Location` header, so log it at the web server or reverse proxy (Apache's `%{Location}o` LogFormat item is one way) and alert on 301/302/303/307 responses from the SSO login service whose `Location` host is not on the corporate allowlist. Compare the parsed hostname, not a substring of the URL, so that look-alike suffix domains and userinfo tricks are caught.
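The detection logic above run over a handful of constructed log lines, as an added example that is not part of the advisory. It assumes an Apache combined log with the response `Location` header appended as a final quoted field (`LogFormat "... \"%{Location}o\""`), an assumed SSO path prefix, and an assumed corporate host allowlist; all of those are placeholders to substitute for a real deployment.

```python
"""Flag off-domain redirects issued by an SSO login service (added example).

Input format (assumption): Apache combined log plus one trailing quoted field
holding the response Location header, e.g. LogFormat "... \"%{Location}o\"".
"""
import re
from urllib.parse import urlsplit

CORPORATE_HOSTS = {"teamcenter.corp.example", "sso.corp.example"}  # assumption
SSO_PATH_PREFIX = "/sso/"        # assumed login-service path prefix
REDIRECT_STATUSES = {"301", "302", "303", "307", "308"}

# Constructed sample lines; the IPs, paths and hosts are illustrative.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2025:10:01:02 +0000] "GET /sso/login?returnUrl=%2Fapp HTTP/1.1" 302 0 "-" "Mozilla/5.0" "/app"
10.0.0.5 - - [12/Mar/2025:10:01:09 +0000] "GET /sso/login?returnUrl=https%3A%2F%2Fteamcenter.corp.example%2Fapp HTTP/1.1" 302 0 "-" "Mozilla/5.0" "https://teamcenter.corp.example/app"
10.0.0.7 - - [12/Mar/2025:10:02:11 +0000] "GET /sso/login?returnUrl=%2F%2Fevil.example.net%2F HTTP/1.1" 302 0 "-" "Mozilla/5.0" "//evil.example.net/"
10.0.0.9 - - [12/Mar/2025:10:03:40 +0000] "GET /sso/login?returnUrl=https%3A%2F%2Fteamcenter.corp.example%40evil.example.net%2F HTTP/1.1" 302 0 "-" "Mozilla/5.0" "https://teamcenter.corp.example@evil.example.net/"
10.0.0.9 - - [12/Mar/2025:10:04:00 +0000] "GET /docs/ HTTP/1.1" 301 0 "-" "Mozilla/5.0" "https://teamcenter.corp.example/docs/index.html"
10.0.0.3 - - [12/Mar/2025:10:05:00 +0000] "GET /sso/login HTTP/1.1" 200 512 "-" "Mozilla/5.0" "-"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "[^"]*" "(?P<location>[^"]*)"$'
)


def location_is_external(location: str) -> bool:
    """True if a Location header would take the browser off the corporate hosts."""
    if location in ("", "-"):
        return False
    if "\\" in location:
        return True   # browsers rewrite "/\\host" to "//host"; treat as external
    try:
        parts = urlsplit(location)
    except ValueError:
        return True   # unparseable target: surface it rather than drop it
    if parts.scheme == "" and parts.netloc == "":
        return False  # same-origin relative path
    # .hostname strips userinfo and port, so "https://trusted@evil" -> "evil".
    return parts.hostname not in CORPORATE_HOSTS


def find_suspicious_redirects(log_text: str) -> list[dict]:
    """Return one record per redirect from the SSO service to an external host."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue
        if not m["path"].startswith(SSO_PATH_PREFIX):
            continue
        if m["status"] not in REDIRECT_STATUSES:
            continue
        if location_is_external(m["location"]):
            hits.append({
                "ip": m["ip"],
                "ts": m["ts"],
                "request": m["path"],
                "location": m["location"],
                "host": urlsplit(m["location"]).hostname,
            })
    return hits


if __name__ == "__main__":
    for hit in find_suspicious_redirects(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['ip']} -> {hit['host']}  ({hit['location']})")
```

On the sample, only the third and fourth lines are flagged: the protocol-relative target and the userinfo target both resolve to `evil.example.net`, while the same-origin path, the allowlisted absolute URL, the non-SSO `/docs/` redirect and the 200 response are ignored. Feeding the raw URL into a substring match would have missed the userinfo case.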
## References
- **Vendor Advisory (SSA-656895):** https://cert-portal.siemens.com/productcert/html/ssa-656895.html
- **Siemens Support (PL8837639):** https://support.sw.siemens.com/en-US/product/282219420/knowledge-base/PL8837639
- **General Security Recommendations:** https://www.siemens.com/cert/operational-guidelines-industrial-security