Siemens WinCC OA 3.16 < 3.19 Client Side Authentication Vulnerability (SSA-111512)

critical Nessus Plugin ID 162508

Synopsis

An application running on the remote host is affected by a client side authentication vulnerabilities.

Description

The remote host is running a version of Siemens SIMATIC WinCC OA (Open Architecture) 3.16 prior to version 3.19. It is, therefore, affected by a client side authentication vulnerability identified in the OT:ICEFALL report :

- Successful exploitation of this vulnerability could allow an attacker to impersonate other users or exploit the client-server protocol without being authenticated.

Solution

Enable server-side authentication (SSA) or Kerberos authentication and refer to the vendor advisory.

See Also

http://www.nessus.org/u?0a5d0b1d

https://www.cisa.gov/uscert/ics/advisories/icsa-22-172-06

Plugin Details

Severity: Critical

ID: 162508

File Name: scada_app_siemens_wincc_oa_ssa-111512_icefall.nbin

Version: 1.57

Type: local

Agent: windows

Family: Windows

Published: 6/23/2022

Updated: 11/22/2024

Configuration: Enable paranoid mode

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2022-33139

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:siemens:simatic_wincc_oa

Required KB Items: installed_sw/Siemens WinCC OA, SMB/Registry/Enumerated, Settings/ParanoidReport

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 6/21/2022

Reference Information

CVE: CVE-2022-33139