#VU64575 Use of Client-Side Authentication in SIMATIC WinCC OA - CVE-2022-33139

Cybersecurity Help s.r.o.

Published: 2022-06-22

Vulnerability identifier: #VU64575

Vulnerability risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-33139

CWE-ID: CWE-603

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
SIMATIC WinCC OA
Server applications / SCADA systems

Vendor: Siemens

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the affected applications use client-side only authentication when neither server-side authentication nor Kerberos authentication is enabled. A remote attacker can impersonate other users or exploit the client-server protocol without being authenticated.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

SIMATIC WinCC OA: 3.16 - 3.18

External links
https://cert-portal.siemens.com/productcert/pdf/ssa-111512.pdf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Use of Client-Side Authentication in Siemens Desigo CC and Cerberus DMS

Use of Client-Side Authentication in Siemens WinCC OA