An access control error vulnerability exists in Siemens Teamcenter, a product lifecycle management computer software application from Siemens, Germany. The vulnerability is due to a failure of the surrogate function on the application user profile to perform sufficient access control, which could lead to account takeover. An attacker could exploit the vulnerability to access tasks assigned by any other user via inbox/surrogate tasks.