Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2022-33139

Опубликовано: 21 июн. 2022
Источник: nvd
CVSS3: 9.8
CVSS2: 6.8
EPSS Низкий

Описание

A vulnerability has been identified in Cerberus DMS (All versions), Desigo CC (All versions), Desigo CC Compact (All versions), SIMATIC WinCC OA V3.16 (All versions in default configuration), SIMATIC WinCC OA V3.17 (All versions in non-default configuration), SIMATIC WinCC OA V3.18 (All versions in non-default configuration). Affected applications use client-side only authentication, when neither server-side authentication (SSA) nor Kerberos authentication is enabled. In this configuration, attackers could impersonate other users or exploit the client-server protocol without being authenticated.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:siemens:cerberus_dms:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:desigo_cc:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:desigo_cc_compact:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:wincc_open_architecture:3.16:*:*:*:*:*:*:*
cpe:2.3:a:siemens:wincc_open_architecture:3.17:*:*:*:*:*:*:*
cpe:2.3:a:siemens:wincc_open_architecture:3.18:*:*:*:*:*:*:*

EPSS

Процентиль: 59%
0.0039
Низкий

9.8 Critical

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-603
CWE-287

Связанные уязвимости

github логотип

GHSA-28c6-247x-r9mw

CVSS3: 9.8
github
около 3 лет назад

A vulnerability has been identified in SIMATIC WinCC OA V3.16 (All versions in default configuration), SIMATIC WinCC OA V3.17 (All versions in non-default configuration), SIMATIC WinCC OA V3.18 (All versions in non-default configuration). Affected applications use client-side only authentication, when neither server-side authentication (SSA) nor Kerberos authentication is enabled. In this configuration, attackers could impersonate other users or exploit the client-server protocol without being authenticated.

fstec логотип

BDU:2022-03715

CVSS3: 9.8
fstec
около 3 лет назад

Уязвимость SCADA-системы SIMATIC WinCC, связанная с возможностью использования аутентификации на стороне клиента, позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 59%
0.0039
Низкий

9.8 Critical

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-603
CWE-287