Unrated severityNVD Advisory· Published Jun 21, 2022· Updated Aug 3, 2024

CVE-2022-33139

Description

A vulnerability has been identified in Cerberus DMS (All versions), Desigo CC (All versions), Desigo CC Compact (All versions), SIMATIC WinCC OA V3.16 (All versions in default configuration), SIMATIC WinCC OA V3.17 (All versions in non-default configuration), SIMATIC WinCC OA V3.18 (All versions in non-default configuration). Affected applications use client-side only authentication, when neither server-side authentication (SSA) nor Kerberos authentication is enabled. In this configuration, attackers could impersonate other users or exploit the client-server protocol without being authenticated.

Affected products

Siemens Foundation/Desigo CC Compactllm-fuzzy
Range: All versions
Siemens Foundation/Cerberus DMSllm-fuzzy2 versions
All versions+ 1 more
- (no CPE)range: All versions
- (no CPE)range: All versions
Siemens Foundation/Desigo CCllm-fuzzy3 versions
All versions+ 2 more
- (no CPE)range: All versions
- (no CPE)range: All versions
- (no CPE)range: All versions
Siemens Foundation/Winccllm-fuzzy4 versions
V3.16, V3.17, V3.18+ 3 more
- (no CPE)range: V3.16, V3.17, V3.18
- (no CPE)range: All versions in default configuration
- (no CPE)range: All versions in non-default configuration
- (no CPE)range: All versions in non-default configuration

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000

CVE-2022-33139

Description

Affected products

Patches

Vulnerability mechanics

References

News mentions