IM
IronMonkey Threat Research
‹ Back to ICS Advisories

SSA-555707: Information Disclosure Vulnerability in Simcenter STAR-CCM+

MEDIUM
CVSS 5.3
Date 2026-07-14T00:00:00+00:00
Source siemens-productcert
Published by Siemens ProductCERT

// Description

Simcenter STAR-CCM+ contains an information disclosure vulnerability when using the Power-on-Demand public license server. An attacker could access a system's host, user, and display name. Siemens has updated the public Power-on-Demand public license server.

// Vulnerabilities (1)

CVE ID CVSS Score Severity Description
CVE-2022-34659 5.3 medium
CVE-2022-34659. Affected applications expose user, host and display name of users, when the public license server is used. This could allow an attacker to retrieve this information.

// Remediations (5)

Patch: Vulnerability fixed with update of Power-on-Demand public license server on 2026-06-24; no user acti
Vulnerability fixed with update of Power-on-Demand public license server on 2026-06-24; no user actions necessary
Mitigation: Avoid using sensitive or personal data in user, host and display names
Avoid using sensitive or personal data in user, host and display names
Mitigation: Set the environmental variable STARLICENSEHIDE to 1. This will send the string "unknown" for the use
Set the environmental variable STARLICENSEHIDE to 1. This will send the string "unknown" for the user, host and display name instead of the real values. The setting is supported since version V8.04 (June 2013) of Simcenter STAR-CCM+
Mitigation: Avoid using sensitive or personal data in user, host and display names
Avoid using sensitive or personal data in user, host and display names
Mitigation: Set the environmental variable STARLICENSEHIDE to 1. This will send the string "unknown" for the use
Set the environmental variable STARLICENSEHIDE to 1. This will send the string "unknown" for the user, host and display name instead of the real values. The setting is supported since version V8.04 (June 2013) of Simcenter STAR-CCM+

// References