SIEMENS-SSA-836027  ·  Published 2022-10-11  ·  View on Siemens ProductCERT ↗

SSA-836027 V1.0: Client-side Authentication in Desigo CC and Cerberus DMS

CVSS score: N/A  ·  Severity: MEDIUM

Risk Summary

Desigo CC and Cerberus DMS are based on SIMATIC WinCC OA and implement client-side-only authentication for specific parts of their client-server communication. Because the server does not itself verify who is on the other end of those exchanges, attackers could impersonate other users or exploit the client-server protocol without being authenticated, as documented for SIMATIC WinCC OA in SSA-111512 [1].

Siemens recommends specific mitigations, documented in [2], for products where fixes are not available or not yet available. Further details on these mitigations are given in the "Additional Information" chapter of the Siemens advisory.

[1] https://cert-portal.siemens.com/productcert/html/ssa-111512.html
[2] https://support.industry.siemens.com/cs/ww/en/view/109813389/
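To make the weakness class concrete, the following is an added illustration (not Siemens code and not the SIMATIC WinCC OA / Desigo CC wire protocol): a toy server that trusts a client-asserted user name, beside one that issues an HMAC-bound session token at login and derives the identity from that token on every later request. The credential store, the action names and the message fields are constructed for the example.

```python
"""Client-side-only authentication versus server-side verification (toy model).

This is an added illustration of the weakness class, not the real protocol of
any Siemens product. USERS, ADMIN_ONLY and the message fields are assumptions.
"""
import hashlib
import hmac
import secrets

# Constructed sample credential store (hypothetical users and passwords).
USERS = {"operator": "op-pass", "admin": "adm-pass"}
# Constructed set of actions that only "admin" may perform.
ADMIN_ONLY = {"acknowledge_alarm", "change_setpoint"}


def weak_server_handle(request: dict) -> str:
    """Client-side-only authentication.

    The client checked the password locally and simply tells the server who
    it is.  The server cannot distinguish a genuine client from a forged
    message, so any peer that can reach the port can claim to be 'admin'.
    """
    user = request.get("user")
    action = request.get("action")
    if action in ADMIN_ONLY and user != "admin":
        return "denied"
    return f"{action} executed as {user}"


class HardenedServer:
    """Server-side authentication.

    login() verifies the password on the server and returns a session token
    whose MAC is computed with a secret only the server knows.  handle() takes
    the identity from a valid token and ignores any client-supplied 'user'.
    """

    def __init__(self) -> None:
        self._secret = secrets.token_bytes(32)

    def _mac(self, user: str, nonce: str) -> str:
        msg = f"{user}:{nonce}".encode()
        return hmac.new(self._secret, msg, hashlib.sha256).hexdigest()

    def login(self, user: str, password: str):
        """Return a session token on success, None on bad credentials."""
        expected = USERS.get(user, "").encode()
        if not expected or not hmac.compare_digest(expected, password.encode()):
            return None
        nonce = secrets.token_hex(16)
        return f"{user}:{nonce}:{self._mac(user, nonce)}"

    def handle(self, request: dict) -> str:
        token = request.get("token", "")
        parts = token.split(":")
        if len(parts) != 3:
            return "denied: no valid session"
        user, nonce, mac = parts
        # Recompute the MAC over the identity in the token; editing the user
        # field without the server secret invalidates it.
        if not hmac.compare_digest(mac, self._mac(user, nonce)):
            return "denied: no valid session"
        action = request.get("action")
        if action in ADMIN_ONLY and user != "admin":
            return "denied"
        return f"{action} executed as {user}"


def demo():
    """Run the same forged request against both servers and return the outcomes."""
    forged = {"user": "admin", "action": "change_setpoint"}
    weak = weak_server_handle(forged)          # accepted on the client's word
    srv = HardenedServer()
    hard_forged = srv.handle(forged)           # no token -> rejected
    tok = srv.login("operator", "op-pass")
    tampered = tok.replace("operator", "admin", 1)
    hard_tampered = srv.handle({"token": tampered, "action": "change_setpoint"})
    hard_legit = srv.handle({"token": tok, "action": "read_value"})
    return weak, hard_forged, hard_tampered, hard_legit


if __name__ == "__main__":
    for label, result in zip(("weak", "hardened/no token", "hardened/tampered", "hardened/legit"), demo()):
        print(f"{label:20s} {result}")
```

The token here is stateless (no server-side session table), which keeps the example short; a production design would also need expiry and revocation, and would carry the token over a channel that authenticates the server (for example TLS), since a MAC alone does not stop replay of a captured token.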

Remediations

  • Refer to the Siemens ProductCERT advisory SSA-836027 V1.0 for patch availability, affected versions and remediation guidance; where no fix is available, apply the mitigations documented in [2] above.

Affected Vendors

Siemens

Affected Products (1)

Siemens · Desigo CC and Cerberus DMS (affected versions are listed in SSA-836027 V1.0)
