Siemens Desigo CC and Cerberus DMS

🗓️ 11 Oct 2022 00:00:00Reported by Industrial Control Systems Cyber Emergency Response TeamType

ics🔗 www.cisa.gov👁 43 Views

Siemens Desigo CC and Cerberus DMS have a Use of Client-Side Authentication vulnerability with a CVSS v3 score of 9.8. Exploitation could lead to impersonation of users and protocol exploitation

Reporter	Title	Published	Views	Family All 13
ATTACKERKB	CVE-2022-33139	21 Jun 202213:15	–	attackerkb
BDU FSTEC	The vulnerability of the SCADA system SIMATIC WinCC, related to the possibility of using authentication on the client side, allows attackers to increase their privileges.	23 Jun 202200:00	–	bdu_fstec
Circl	CVE-2022-33139	21 Jun 202216:27	–	circl
CNNVD	Siemens SIMATIC WinCC OA 授权问题漏洞	21 Jun 202200:00	–	cnnvd
CNVD	Siemens SIMATIC WinCC OA Client Authentication Vulnerability	22 Jun 202200:00	–	cnvd
CVE	CVE-2022-33139	21 Jun 202200:00	–	cve
Cvelist	CVE-2022-33139	21 Jun 202200:00	–	cvelist
ICS	Siemens WinCC OA	21 Jun 202200:00	–	ics
NVD	CVE-2022-33139	21 Jun 202213:15	–	nvd
Prion	Default configuration	21 Jun 202213:15	–	prion

Source	Link
cert-portal	www.cert-portal.siemens.com/productcert/csaf/ssa-836027.json
cert-portal	www.cert-portal.siemens.com/productcert/txt/ssa-836027.txt
cert-portal	www.cert-portal.siemens.com/productcert/pdf/ssa-836027.pdf
raw	www.raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2022/icsa-22-286-16.json
cisa	www.cisa.gov/news-events/ics-advisories/icsa-22-286-16
cisa	www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01
cisa	www.cisa.gov/resources-tools/resources/ics-recommended-practices
cisa	www.cisa.gov/topics/industrial-control-systems
us-cert	www.us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf
cisa	www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf

11 Oct 2022 00:00Current

10High risk

Vulners AI Score10

CVSS 26.8

CVSS 3.19.8

EPSS0.00409