Headline
CVE-2022-33139
A vulnerability has been identified in SIMATIC WinCC OA V3.16 (All versions in default configuration), SIMATIC WinCC OA V3.17 (All versions in non-default configuration), SIMATIC WinCC OA V3.18 (All versions in non-default configuration). Affected applications use client-side-only authentication when neither server-side authentication (SSA) nor Kerberos authentication is enabled. In this configuration, attackers could impersonate other users or exploit the client-server protocol without being authenticated.
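The description above contrasts client-side-only authentication with server-side authentication. The following is an added illustration of that distinction, not code from Siemens or from WinCC OA, and it does not model the WinCC OA client-server protocol: it is a generic pair of server models (names, user table and secrets are all constructed) showing why a server that trusts the identity a client asserts can be impersonated by any peer that speaks the protocol, while a server that verifies a proof of possession over a fresh nonce rejects unproven identities and replayed proofs.

```python
"""Client-side-only authentication versus server-side challenge-response.

Added example (generic model, not the WinCC OA protocol). All user names,
secrets and class names are constructed for illustration.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass

# Constructed user table: username -> shared secret. A real deployment would
# hold a password verifier or rely on Kerberos tickets, never raw secrets.
USER_SECRETS = {
    "operator": b"constructed-secret-operator",
    "admin": b"constructed-secret-admin",
}


@dataclass
class Session:
    user: str
    authenticated: bool


class ClientAssertedAuthServer:
    """Weak model: the server accepts the identity the client claims.

    Any checks that happened on the client are invisible to the server, so a
    peer that simply speaks the protocol can claim to be any known user.
    """

    def login(self, claimed_user: str) -> Session:
        known = claimed_user in USER_SECRETS
        return Session(user=claimed_user, authenticated=known)


class ServerSideAuthServer:
    """Hardened model: the server issues a one-time nonce and accepts the login
    only if the client proves possession of that user's secret over the nonce.
    """

    def __init__(self) -> None:
        self._pending: dict[str, bytes] = {}

    def challenge(self, user: str) -> bytes:
        nonce = os.urandom(16)
        self._pending[user] = nonce
        return nonce

    def login(self, user: str, proof: bytes) -> Session:
        # pop() consumes the nonce, so a captured proof cannot be replayed.
        nonce = self._pending.pop(user, None)
        secret = USER_SECRETS.get(user)
        if nonce is None or secret is None:
            return Session(user=user, authenticated=False)
        expected = hmac.new(secret, nonce, hashlib.sha256).digest()
        # Constant-time comparison of the expected and supplied proofs.
        return Session(user=user, authenticated=hmac.compare_digest(expected, proof))


def client_proof(secret: bytes, nonce: bytes) -> bytes:
    """What a legitimate client computes in the hardened model."""
    return hmac.new(secret, nonce, hashlib.sha256).digest()


def demo() -> dict[str, bool]:
    """Exercises both models and returns the outcome of each scenario."""
    weak = ClientAssertedAuthServer()
    strong = ServerSideAuthServer()

    # Scenario 1: a peer holding no secret claims to be "admin".
    weak_accepts_claim = weak.login("admin").authenticated
    nonce = strong.challenge("admin")
    strong_accepts_claim = strong.login(
        "admin", client_proof(b"not-the-secret", nonce)
    ).authenticated

    # Scenario 2: a legitimate client with the real secret, then a replay of
    # the same proof after the nonce has been consumed.
    nonce = strong.challenge("operator")
    proof = client_proof(USER_SECRETS["operator"], nonce)
    legit = strong.login("operator", proof).authenticated
    replay = strong.login("operator", proof).authenticated

    return {
        "client_asserted_accepts_unproven_identity": weak_accepts_claim,
        "server_side_accepts_unproven_identity": strong_accepts_claim,
        "server_side_accepts_legitimate_client": legit,
        "server_side_accepts_replayed_proof": replay,
    }


if __name__ == "__main__":
    for scenario, outcome in demo().items():
        print(f"{scenario}: {outcome}")
```

The point for a defender is the first two results: in the weak model the server's only input is the client's claim, so enabling the server-side check (SSA or Kerberos in the affected products) is what actually binds a session to a verified user; the replay result shows why the server must also bind each proof to a nonce it issued rather than to a static credential.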
References (URLs recovered from the link annotations of the attached Siemens ProductCERT advisory PDF; the PDF body text itself was not extractable):
https://cert-portal.siemens.com/productcert/news.html?id=21
https://www.winccoa.com/downloads/detail/security-guideline-wincc-oa-v316-1.html (security guideline, WinCC OA V3.16)
https://www.winccoa.com/downloads/detail/security-guideline-wincc-oa-v317.html (security guideline, WinCC OA V3.17)
https://www.winccoa.com/downloads/detail/security-guideline-wincc-oa-v318.html (security guideline, WinCC OA V3.18)
https://www.siemens.com/cert/operational-guidelines-industrial-security
https://www.siemens.com/industrialsecurity
https://www.first.org/cvss/
https://cwe.mitre.org/
CVSS v3.1 vector linked from the advisory: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C (https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)