CVE-2022-33139
Published: 2022-06-21
Priority: P2 · 63 · Critical 9.8 · CVSS 3.1
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.17% (63.4th percentile)
A vulnerability has been identified in Cerberus DMS (All versions), Desigo CC (All versions), Desigo CC Compact (All versions), SIMATIC WinCC OA V3.16 (All versions in default configuration), SIMATIC WinCC OA V3.17 (All versions in non-default configuration), SIMATIC WinCC OA V3.18 (All versions in non-default configuration). Affected applications use client-side only authentication, when neither server-side authentication (SSA) nor Kerberos authentication is enabled. In this configuration, attackers could impersonate other users or exploit the client-server protocol without being authenticated.
Affected (9 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | cerberus_dms | — | — |
| siemens | desigo_cc | — | — |
| siemens | desigo_cc_compact | — | — |
| siemens | simatic_wincc_oa_v3.16 | — | — |
| siemens | simatic_wincc_oa_v3.17 | — | — |
| siemens | simatic_wincc_oa_v3.18 | — | — |
| siemens | wincc_open_architecture | — | — |
| siemens | wincc_open_architecture | — | — |
| siemens | wincc_open_architecture | — | — |
Detection & IOCs (extracted from sources)
- Detect absence of server-side authentication (SSA) and Kerberos authentication in WinCC OA / Desigo CC / Cerberus DMS deployments; the vulnerable condition is client-side-only authentication when neither SSA nor Kerberos is enabled.
- Monitor for unauthenticated or anomalous client-server protocol traffic targeting SIMATIC WinCC OA, Desigo CC, Desigo CC Compact, and Cerberus DMS management stations; exploitation allows protocol abuse without authentication.
- Alert on network access attempts to WinCC OA / Desigo CC / Cerberus DMS from outside the ICS network perimeter; the vulnerability is exploitable remotely with low attack complexity and no privileges required (CVSS AV:N/AC:L/PR:N/UI:N).
- SIMATIC WinCC OA V3.16 is vulnerable in ALL configurations (default); V3.17 and V3.18 are only vulnerable in non-default configurations where SSA and Kerberos are both disabled.
- Desigo CC, Desigo CC Compact, and Cerberus DMS are vulnerable in ALL versions regardless of configuration.
- Mitigation for WinCC OA is to enable server-side authentication (SSA) or Kerberos authentication; absence of both is the exploitable condition.
- No known public exploits specifically target this vulnerability at time of advisory publication.
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | 2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Source: CISA ICS
[CRITICAL] Siemens Desigo CC and Cerberus DMS (cisa_ics · 2022-10-13 · CVSS 9.8)
Archived content: the CISA.gov archive contains outdated information that may not reflect current policy or programs.
ICS Advisory: Siemens Desigo CC and Cerberus DMS
Last Revised: October 13, 2022
Alert Code: ICSA-22-286-16
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: Desigo CC and Cerberus DMS
- Vulnerability: Use of Client-Side Authentication
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to impersonate other users or exploit the client-server protocol without being authenticated.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of Siemens management stat
Source: CISA ICS
[CRITICAL] Siemens WinCC OA (cisa_ics · 2022-06-21 · CVSS 9.8)
Archived content: the CISA.gov archive contains outdated information that may not reflect current policy or programs.
ICS Advisory: Siemens WinCC OA
Last Revised: June 21, 2022
Alert Code: ICSA-22-172-06
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SIMATIC WinCC OA
- Vulnerability: Use of Client-side Authentication
CISA is aware of a public report, known as “OT:ICEFALL”, that details vulnerabilities found in products of multiple operational technology (OT) vendors. CISA is issuing this advisory to provide notice of the reported vulnerabilities and to identify baseline mitigations for reducing the risk of these and other cyberattacks.
Source: GHSA
[CRITICAL] GHSA-28c6-247x-r9mw: A vulnerability has been identified in SIMATIC WinCC OA V3 (ghsa_unreviewed · 2022-06-22 · CWE-287)
A vulnerability has been identified in SIMATIC WinCC OA V3.16 (All versions in default configuration), SIMATIC WinCC OA V3.17 (All versions in non-default configuration), SIMATIC WinCC OA V3.18 (All versions in non-default configuration). Affected applications use client-side only authentication, when neither server-side authentication (SSA) nor Kerberos authentication is enabled. In this configuration, attackers could impersonate other users or exploit the client-server protocol without being authenticated.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Source: CWE
[CRITICAL] CWE-603: Use of Client-Side Authentication (mitre_cwe · CVSS 10.0)
A client/server product performs authentication within client code but not in server code, allowing server-side authentication to be bypassed via a modified client that omits the authentication check.
Client-side authentication is extremely weak and may be breached easily. Any attacker may read the source code and reverse-engineer the authentication mechanism to access parts of the application which would otherwise be protected.
Modes of Introduction:
Phase: Architecture and Design
Note: COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic.
Phase: Implementation
Common Consequences:
Scope: Access Control. Impact: Bypass Protection Mechanism, Gain Privileges or Assume Identity.
Potential Mitigatio
Source: CWE
CWE-287: Improper Authentication (mitre_cwe)
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Modes of Introduction:
Phase: Architecture and Design
Phase: Implementation
Note: REALIZATION: This weakness is caused during implementation of an architectural security tactic.
Common Consequences:
Scope: Integrity, Confidentiality, Availability, Access Control. Impact: Read Application Data, Gain Privileges or Assume Identity, Execute Unauthorized Code or Commands. This weakness can expose resources or functionality to unintended actors, possibly giving attackers sensitive information or even the ability to execute arbitrary code.
Detection Methods:
Automated Static Analysis: Automated static analysis is useful for de
Source: CWE
CWE-602: Client-Side Enforcement of Server-Side Security (mitre_cwe)
The product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server.
When the server relies on protection mechanisms placed on the client side, an attacker can modify the client-side behavior to bypass the protection mechanisms, resulting in potentially unexpected interactions between the client and server. The consequences will vary, depending on what the mechanisms are trying to protect.
Modes of Introduction:
Phase: Architecture and Design
Note: COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic.
Phase: Architecture and Design
Note: Consider a product that consists of two or more processes or nodes that must interact close