Published: 21/06/2022 Updated: 29/06/2022

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

A vulnerability has been identified in SIMATIC WinCC OA V3.16 (All versions in default configuration), SIMATIC WinCC OA V3.17 (All versions in non-default configuration), SIMATIC WinCC OA V3.18 (All versions in non-default configuration). Affected applications use client-side only authentication, when neither server-side authentication (SSA) nor Kerberos authentication is enabled. In this configuration, attackers could impersonate other users or exploit the client-server protocol without being authenticated.

Vulnerable Product	Search on Vulmon	Subscribe to Product
siemens wincc open architecture 3.16
siemens wincc open architecture 3.17
siemens wincc open architecture 3.18

CWE-287 https://cert-portal.siemens.com/productcert/pdf/ssa-111512.pdf https://nvd.nist.gov https://www.cisa.gov/uscert/ics/advisories/icsa-22-172-06

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2022-33139

Vulnerability Summary

Most Upvoted Vulmon Research Post

Vulnerability Trend

ICS Advisories

References

Vulmon Search

About

Products

Connect