PT-2012-54: Denial of Service in Siemens Teamcenter

Vulnerable product
Siemens Teamcenter
Version: 2007 and 8.0
Application link: http://www.plm.automation.siemens.com/en_us/products/teamcenter/index.shtml

Severity level
Severity level: High
Impact: Denial of Service
Access Vector: Remote
CVSS v2:
Base Score: 7.8
Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVE: not assigned

Product description
Teamcenter product life cycle management software helps companies deliver increasingly complex products while maximizing productivity and streamlining global operations.

Vulnerability description
The specialists of Positive Research, the Positive Technologies company research center, found a Denial of Service vulnerability in Siemens Teamcenter.
The vulnerability exists in the Teamcenter Secure File Management Service (tcfs) because the length of an inbound TCP string is not checked. An attacker can send a specially crafted request to the service port, which leads to denial of service.

How to fix
Update your software to the latest version.

Advisory status
09.10.2012 - Vendor is notified
09.10.2012 - Vendor gets vulnerability details
13.11.2012 - Vendor publishes fix information
04.02.2013 - Public disclosure

Credits
The vulnerability was discovered by Ilya Smit, Dmitry Efanov, Positive Research Center (Positive Technologies Company)

References
http://en.securitylab.ru/lab/PT-2012-54
http://support.industrysoftware.automation.siemens.com/gtac.shtml

Reports on the vulnerabilities previously discovered by Positive Research:
http://ptsecurity.com/research/advisory/
http://en.securitylab.ru/lab/
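
The root cause named in the vulnerability description is a peer-supplied string length that is used without a check. The C code below is an added example of the missing check, not code from Teamcenter, Siemens or Positive Technologies. The advisory does not describe the tcfs wire format, so the framing (a 4-byte big-endian length prefix), the limit `MAX_STR_LEN` and the function `read_bounded_string` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed framing (hypothetical, NOT the tcfs wire format):
 * 4-byte big-endian length, then that many bytes of string data. */
#define MAX_STR_LEN 4096u /* constructed policy limit for one string */

enum parse_status { PARSE_OK = 0, PARSE_NEED_MORE = 1, PARSE_REJECT = -1 };

/* Parse one length-prefixed string from `in` (`in_len` bytes received so far)
 * into `out` (capacity `out_cap`, NUL-terminated on success).
 * On PARSE_OK, *consumed holds the number of input bytes used. */
enum parse_status read_bounded_string(const uint8_t *in, size_t in_len,
                                      char *out, size_t out_cap,
                                      size_t *consumed)
{
    if (in_len < 4)
        return PARSE_NEED_MORE;          /* length header incomplete */

    uint32_t declared = ((uint32_t)in[0] << 24) | ((uint32_t)in[1] << 16) |
                        ((uint32_t)in[2] << 8)  |  (uint32_t)in[3];

    /* Validate the declared length before allocating, copying or waiting
     * for that many bytes; leave room for the terminating NUL. */
    if (declared > MAX_STR_LEN || (size_t)declared >= out_cap)
        return PARSE_REJECT;             /* caller closes the connection */

    if (in_len - 4 < declared)
        return PARSE_NEED_MORE;          /* body not fully received yet */

    memcpy(out, in + 4, declared);
    out[declared] = '\0';
    *consumed = 4 + (size_t)declared;
    return PARSE_OK;
}

int main(void)
{
    /* Constructed sample inputs: one well-formed frame, one oversized length. */
    const uint8_t ok[]  = {0, 0, 0, 5, 'h', 'e', 'l', 'l', 'o'};
    const uint8_t big[] = {0xFF, 0xFF, 0xFF, 0xFF, 'A'};
    char out[64];
    size_t used = 0;
    printf("ok  -> %d\n", read_bounded_string(ok, sizeof ok, out, sizeof out, &used));
    printf("big -> %d\n", read_bounded_string(big, sizeof big, out, sizeof out, &used));
    return 0;
}
```

A caller should treat `PARSE_REJECT` as fatal for that connection and apply a read timeout while it waits on `PARSE_NEED_MORE`, so a peer cannot hold a session open by never completing a frame.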