CVE-2022-33139
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability has been identified in Cerberus DMS (All versions), Desigo CC (All versions), Desigo CC Compact (All versions), SIMATIC WinCC OA V3.16 (All versions in default configuration), SIMATIC WinCC OA V3.17 (All versions in non-default configuration), SIMATIC WinCC OA V3.18 (All versions in non-default configuration). Affected applications use client-side only authentication, when neither server-side authentication (SSA) nor Kerberos authentication is enabled. In this configuration, attackers could impersonate other users or exploit the client-server protocol without being authenticated.
Se ha identificado una vulnerabilidad en Cerberus DMS (Todas las versiones), Desigo CC (Todas las versiones), Desigo CC Compact (Todas las versiones), SIMATIC WinCC OA V3.16 (Todas las versiones en configuración por defecto), SIMATIC WinCC OA V3.17 (Todas las versiones en configuración no por defecto), SIMATIC WinCC OA V3.18 (Todas las versiones en configuración no por defecto). Las aplicaciones afectadas utilizan sólo la autenticación del lado del cliente, cuando no están habilitadas ni la autenticación del lado del servidor (SSA) ni la autenticación Kerberos. En esta configuración, los atacantes podrían suplantar a otros usuarios o explotar el protocolo cliente-servidor sin ser autenticados
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-06-13 CVE Reserved
- 2022-06-21 CVE Published
- 2024-01-12 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
- CWE-603: Use of Client-Side Authentication
CAPEC
References (2)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-111512.pdf | 2024-02-13 | |
https://cert-portal.siemens.com/productcert/pdf/ssa-836027.pdf | 2024-02-13 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Siemens Search vendor "Siemens" | Cerberus Dms Search vendor "Siemens" for product "Cerberus Dms" | * | - |
Affected
| ||||||
Siemens Search vendor "Siemens" | Desigo Cc Search vendor "Siemens" for product "Desigo Cc" | * | - |
Affected
| ||||||
Siemens Search vendor "Siemens" | Desigo Cc Compact Search vendor "Siemens" for product "Desigo Cc Compact" | * | - |
Affected
| ||||||
Siemens Search vendor "Siemens" | Wincc Open Architecture Search vendor "Siemens" for product "Wincc Open Architecture" | 3.16 Search vendor "Siemens" for product "Wincc Open Architecture" and version "3.16" | - |
Affected
| ||||||
Siemens Search vendor "Siemens" | Wincc Open Architecture Search vendor "Siemens" for product "Wincc Open Architecture" | 3.17 Search vendor "Siemens" for product "Wincc Open Architecture" and version "3.17" | - |
Affected
| ||||||
Siemens Search vendor "Siemens" | Wincc Open Architecture Search vendor "Siemens" for product "Wincc Open Architecture" | 3.18 Search vendor "Siemens" for product "Wincc Open Architecture" and version "3.18" | - |
Affected
|