ICSA-25-226-06  ·  Published 2025-08-12  ·  View on CISA ICS-CERT ↗

Siemens Opcenter Quality

CVSS 7.1 HIGH

Remediations

  • The SmartClient should be operated only in a secured network and context
  • Remove all tools that make it possible to call SOAP services from outside the SmartClient
  • Follow the hardening instructions given in the product's security concept
  • Update to V2506 or a later version
  • Harden the LDAP interface by enabling the SSL flag in the configuration and setting up TLS properly
  • Give all users (including LDAP users) the least privileges required
  • Limit permission to access those fields according to the least-privilege strategy
  • Do not use the original table structures and accounts for reporting. Create your own reporting accounts that get access through synonyms forwarding to views, where each view represents the result sets the user may use for evaluation
  • Use database tools to limit the load that reporting accounts place on production systems, or use offline systems for reporting
  • Harden your IIS
  • Prevent any scanning of structures and configurations
  • Limit the information presented to the end user to the minimum possible, based on the need-to-know principle
  • Hardening of the solution, including the OS and IIS, is required, with specific measures such as hiding the IIS version
  • Users should not be able to scan folders, and the file extensions that may be opened should be limited to those required
  • Disable all protocols (SSL v2/v3, TLS 1.0, TLS 1.1) that the solution should not use
  • Ensure TLS 1.2 is enabled if you plan to use it
  • Follow the instructions in the Opcenter Quality security concept and those of the vendors
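The TLS and IIS items in the list above translate into a small amount of host configuration. The following PowerShell is an added example and is not part of the CISA advisory or of any Siemens hardening material; it assumes a Windows Server host running IIS 10 or later, the standard SCHANNEL registry layout, and an elevated session, and it does nothing product-specific (the LDAP SSL flag and the SmartClient settings live in the Opcenter Quality configuration, not here).

```powershell
# Added example, not part of the advisory or of any Siemens material.
# Assumes: a Windows Server host with IIS 10 or later, the standard SCHANNEL
# registry layout, and an elevated PowerShell session. SCHANNEL changes take
# effect after a reboot.

$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

# Protocol -> desired state, matching the advisory: SSL 2.0/3.0 and TLS 1.0/1.1 off,
# TLS 1.2 on. Enabled=0 plus DisabledByDefault=1 turns a protocol off for a role;
# Enabled=1 plus DisabledByDefault=0 turns it on. TLS 1.3 is left untouched.
$protocols = [ordered]@{
    'SSL 2.0' = $false
    'SSL 3.0' = $false
    'TLS 1.0' = $false
    'TLS 1.1' = $false
    'TLS 1.2' = $true
}

foreach ($name in $protocols.Keys) {
    $enable = $protocols[$name]
    foreach ($role in 'Server', 'Client') {
        $key = Join-Path $schannel "$name\$role"
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        New-ItemProperty -Path $key -Name 'Enabled' -PropertyType DWord `
            -Value ([int]$enable) -Force | Out-Null
        New-ItemProperty -Path $key -Name 'DisabledByDefault' -PropertyType DWord `
            -Value ([int](-not $enable)) -Force | Out-Null
    }
}

# Hide the IIS version server-wide: suppress the Server header (IIS 10+ request
# filtering attribute) and remove the X-Powered-By header that ASP.NET adds.
Import-Module WebAdministration
$appHost = 'MACHINE/WEBROOT/APPHOST'
Set-WebConfigurationProperty -PSPath $appHost `
    -Filter 'system.webServer/security/requestFiltering' `
    -Name 'removeServerHeader' -Value $true
Remove-WebConfigurationProperty -PSPath $appHost `
    -Filter 'system.webServer/httpProtocol/customHeaders' `
    -Name '.' -AtElement @{ name = 'X-Powered-By' } -ErrorAction SilentlyContinue

# Read the SCHANNEL state back so the result can be checked before rebooting.
function Get-SchannelState {
    foreach ($name in $protocols.Keys) {
        foreach ($role in 'Server', 'Client') {
            $p = Get-ItemProperty -Path (Join-Path $schannel "$name\$role")
            [pscustomobject]@{
                Protocol          = $name
                Role              = $role
                Enabled           = $p.Enabled
                DisabledByDefault = $p.DisabledByDefault
            }
        }
    }
}

Get-SchannelState | Format-Table -AutoSize
```

Apply this on a test system first: turning off TLS 1.0 and 1.1 for the Client role also affects outbound connections the host makes (for example to an LDAP server or a database), so confirm those peers negotiate TLS 1.2 before rolling the change to production. After the reboot, verify the server side from an authorized management host with your usual TLS configuration scanner rather than trusting the registry read-back alone.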

Affected Vendors

Siemens

Affected Products (3)

Siemens · SmartClient modules Opcenter QL Home (SC) vers:intdot/>=13.2|<2506
Siemens · SOA Audit vers:intdot/>=13.2|<2506
Siemens · SOA Cockpit vers:intdot/>=13.2|<2506

Affected Sectors

Critical Manufacturing, Transportation Systems, Energy, Healthcare and Public Health, Financial Services, Government Services and Facilities
