PT-2022-3046 · Siemens · Desigo CC Compact +4

Published: 2022-06-21 · Updated: 2024-02-13 · CVE-2022-33139

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Cerberus DMS: all versions
Desigo CC: all versions
Desigo CC Compact: all versions
SIMATIC WinCC OA V3.16: all versions
SIMATIC WinCC OA V3.17: all versions
SIMATIC WinCC OA V3.18: all versions

Description

A vulnerability has been identified in the affected applications, which use client-side only authentication when neither server-side authentication (SSA) nor Kerberos authentication is enabled. This configuration allows attackers to impersonate other users or exploit the client-server protocol without being authenticated.

Recommendations

For Cerberus DMS, consider enabling server-side authentication (SSA) or Kerberos authentication to mitigate the risk.
For Desigo CC, consider enabling server-side authentication (SSA) or Kerberos authentication to mitigate the risk.
For Desigo CC Compact, consider enabling server-side authentication (SSA) or Kerberos authentication to mitigate the risk.
For SIMATIC WinCC OA V3.16, consider changing the configuration to enable server-side authentication (SSA) or Kerberos authentication.
For SIMATIC WinCC OA V3.17, consider changing the configuration to enable server-side authentication (SSA) or Kerberos authentication.
For SIMATIC WinCC OA V3.18, consider changing the configuration to enable server-side authentication (SSA) or Kerberos authentication.

Fix

Weakness Enumeration

Improper Authentication

Related Identifiers

BDU:2022-03715
CVE-2022-33139

Affected Products

Desigo CC
Desigo CC Compact
SIMATIC WinCC OA V3.16
SIMATIC WinCC OA V3.17
SIMATIC WinCC OA V3.18