Incorrect Implementation of Authentication Algorithm in Opcenter Quality

#VU65279 Incorrect Implementation of Authentication Algorithm in Opcenter Quality

Published: 2022-07-13 | Updated: 2022-07-14

Vulnerability identifier: #VU65279

Vulnerability risk: Medium

CVSSv3.1: 8.3 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-33736

CWE-ID: CWE-303

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Opcenter Quality
Server applications / SCADA systems

Vendor: Siemens

Description

The vulnerability allows a remote attacker to to bypass authentication process.

The vulnerability exists due to the affected application does not properly validate login information during authentication. A remote attacker on the local network can login without credentials.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Opcenter Quality: 13.1 - 13.2

External links
http://cert-portal.siemens.com/productcert/pdf/ssa-944952.pdficsa-22-195-17

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Authentication bypass in Siemens Opcenter Quality