CVE-2022-33736

CWE-303CWE-287Improper Authentication3 documents3 sources
Severity
7.5HIGH
EPSS
0.6%
top 30.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Siemens Opcenter QualitySiemens Opcenter Quality V13.1Siemens Opcenter Quality V13.2
Timeline
PublishedJul 12
Latest updateJul 13

Description

A vulnerability has been identified in Opcenter Quality V13.1 (All versions < V13.1.20220624), Opcenter Quality V13.2 (All versions < V13.2.20220624). The affected applications do not properly validate login information during authentication. This could lead to denial of service condition for existing users or allow unauthenticated remote attackers to successfully login without credentials.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

NVDsiemens/opcenter_quality13.1.013.1.20220624+1
CVEListV5siemens/opcenter_quality_v13.1All versions < V13.1.20220624
CVEListV5siemens/opcenter_quality_v13.2All versions < V13.2.20220624

Patches

Patch: cert-portal.siemens.comPatch: cert-portal.siemens.com

🔴Vulnerability Details

2
GHSA
GHSA-m3xw-wjv6-wx6x: A vulnerability has been identified in Opcenter Quality V132022-07-13
CVEList
CVE-2022-33736: A vulnerability has been identified in Opcenter Quality V132022-07-12
CVE-2022-33736 (HIGH CVSS 7.5) | A vulnerability has been identified | cvebase.io