Siemens WinCC OA

🗓️ 21 Jun 2022 00:00:00Reported by Industrial Control Systems Cyber Emergency Response TeamType

ics

ics🔗 www.cisa.gov👁 111 Views

Siemens WinCC OA Use of Client-side Authentication Vulnerabilit

Reporter	Title	Published	Views	Family All 13
ATTACKERKB	CVE-2022-33139	21 Jun 202213:15	–	attackerkb
BDU FSTEC	The vulnerability of the SCADA system SIMATIC WinCC, related to the possibility of using authentication on the client side, allows attackers to increase their privileges.	23 Jun 202200:00	–	bdu_fstec
Circl	CVE-2022-33139	21 Jun 202216:27	–	circl
CNNVD	Siemens SIMATIC WinCC OA 授权问题漏洞	21 Jun 202200:00	–	cnnvd
CNVD	Siemens SIMATIC WinCC OA Client Authentication Vulnerability	22 Jun 202200:00	–	cnvd
CVE	CVE-2022-33139	21 Jun 202200:00	–	cve
Cvelist	CVE-2022-33139	21 Jun 202200:00	–	cvelist
ICS	Siemens Desigo CC and Cerberus DMS	11 Oct 202200:00	–	ics
NVD	CVE-2022-33139	21 Jun 202213:15	–	nvd
Prion	Default configuration	21 Jun 202213:15	–	prion

Source	Link
cert-portal	www.cert-portal.siemens.com/productcert/csaf/ssa-111512.json
cert-portal	www.cert-portal.siemens.com/productcert/txt/ssa-111512.txt
cert-portal	www.cert-portal.siemens.com/productcert/pdf/ssa-111512.pdf
raw	www.raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2022/icsa-22-172-06.json
cisa	www.cisa.gov/news-events/ics-advisories/icsa-22-172-06
cisa	www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01
cisa	www.cisa.gov/resources-tools/resources/ics-recommended-practices
cisa	www.cisa.gov/topics/industrial-control-systems
us-cert	www.us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf
cisa	www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf

21 Jun 2022 00:00Current

10High risk

Vulners AI Score10

CVSS 26.8

CVSS 3.19.8

EPSS0.00409

siemens wincc oa client-side authentication vulnerability scada hmi system