1. Home
  2. CVE Database
  3. CVE-2022-33139
CRITICAL · 9.8

CVE-2022-33139

A vulnerability has been identified in Cerberus DMS (All versions), Desigo CC (All versions), Desigo CC Compact (All versions), SIMATIC WinCC OA V3.16 (All versions in default configuration), SIMATIC ...

Vulnerability Description

A vulnerability has been identified in Cerberus DMS (All versions), Desigo CC (All versions), Desigo CC Compact (All versions), SIMATIC WinCC OA V3.16 (All versions in default configuration), SIMATIC WinCC OA V3.17 (All versions in non-default configuration), SIMATIC WinCC OA V3.18 (All versions in non-default configuration). Affected applications use client-side only authentication, when neither server-side authentication (SSA) nor Kerberos authentication is enabled. In this configuration, attackers could impersonate other users or exploit the client-server protocol without being authenticated.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
SiemensCerberus DmsAll versions
SiemensDesigo CcAll versions
SiemensDesigo Cc CompactAll versions
SiemensWincc Open Architecture3.16

Related Weaknesses (CWE)

CWE-287CWE-603

References

FAQ

What is CVE-2022-33139?

CVE-2022-33139 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A vulnerability has been identified in Cerberus DMS (All versions), Desigo CC (All versions), Desigo CC Compact (All versions), SIMATIC WinCC OA V3.16 (All versions in default configuration), SIMATIC ...

How severe is CVE-2022-33139?

CVE-2022-33139 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2022-33139?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Cerberus Dms, Siemens Desigo Cc, Siemens Desigo Cc Compact, Siemens Wincc Open Architecture.