Authentication Bypass by Primary Weakness in Siemens products - CVE-2024-42513
Published: March 12, 2025
Vulnerability identifier: #VU105635
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2024-42513
CWE-ID: CWE-305
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Siemens
Affected software:
SINUMERIK Edge
SIMATIC IPC DiagMonitor
SIMATIC WinCC Unified
SIMATIC BRAUMAT
SIMATIC Energy Manager PRO
SIMATIC SISTAR
Totally Integrated Automation Portal (TIA Portal)
SIMATIC WinCC
SINUMERIK Edge
SIMATIC IPC DiagMonitor
SIMATIC WinCC Unified
SIMATIC BRAUMAT
SIMATIC Energy Manager PRO
SIMATIC SISTAR
Totally Integrated Automation Portal (TIA Portal)
SIMATIC WinCC
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to insufficient access control in the OPC UA .NET Standard Stack. A remote attacker can bypass application authentication when using HTTPS endpoints.
How to mitigate CVE-2024-42513
Install updates from vendor's website.