cbcvebase.
CVE-2022-33139
published 2022-06-21


Priority: P263 | critical | 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.17% (63.4th percentile)

A vulnerability has been identified in Cerberus DMS (All versions), Desigo CC (All versions), Desigo CC Compact (All versions), SIMATIC WinCC OA V3.16 (All versions in default configuration), SIMATIC WinCC OA V3.17 (All versions in non-default configuration), SIMATIC WinCC OA V3.18 (All versions in non-default configuration). Affected applications use client-side only authentication, when neither server-side authentication (SSA) nor Kerberos authentication is enabled. In this configuration, attackers could impersonate other users or exploit the client-server protocol without being authenticated.

Affected

9 ranges

Vendor | Product | Version range | Fixed in
siemens | cerberus_dms | |
siemens | desigo_cc | |
siemens | desigo_cc_compact | |
siemens | simatic_wincc_oa_v3.16 | |
siemens | simatic_wincc_oa_v3.17 | |
siemens | simatic_wincc_oa_v3.18 | |
siemens | wincc_open_architecture | |
siemens | wincc_open_architecture | |
siemens | wincc_open_architecture | |

Detection & IOCs (extracted from sources)

  • Detect absence of server-side authentication (SSA) and Kerberos authentication in WinCC OA / Desigo CC / Cerberus DMS deployments — the vulnerable condition is client-side-only authentication when neither SSA nor Kerberos is enabled
  • Monitor for unauthenticated or anomalous client-server protocol traffic targeting SIMATIC WinCC OA, Desigo CC, Desigo CC Compact, and Cerberus DMS management stations — exploitation allows protocol abuse without authentication
  • Alert on network access attempts to WinCC OA / Desigo CC / Cerberus DMS from outside the ICS network perimeter — the vulnerability is exploitable remotely with low attack complexity and no privileges required (CVSS AV:N/AC:L/PR:N/UI:N)
  • SIMATIC WinCC OA V3.16 is vulnerable in all versions in its default configuration; V3.17 and V3.18 are vulnerable only in non-default configurations where SSA and Kerberos are both disabled
  • Desigo CC, Desigo CC Compact, and Cerberus DMS are vulnerable in ALL versions regardless of configuration
  • Mitigation for WinCC OA is to enable server-side authentication (SSA) or Kerberos authentication; absence of both is the exploitable condition
  • No known public exploits specifically target this vulnerability at time of advisory publication

CVSS provenance

Source | CVSS version | Score | Severity | Vector
nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P