CVSS2: 6.8 Medium
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.4 High
Confidence: High

EPSS: 0.002 Low
Percentile: 54.2%

A vulnerability has been identified in Cerberus DMS (All versions), Desigo CC (All versions), Desigo CC Compact (All versions), SIMATIC WinCC OA V3.16 (All versions in default configuration), SIMATIC WinCC OA V3.17 (All versions in non-default configuration), SIMATIC WinCC OA V3.18 (All versions in non-default configuration). Affected applications use client-side only authentication, when neither server-side authentication (SSA) nor Kerberos authentication is enabled. In this configuration, attackers could impersonate other users or exploit the client-server protocol without being authenticated.
[
{
"vendor": "Siemens",
"product": "Cerberus DMS",
"versions": [
{
"version": "All versions",
"status": "affected"
}
]
},
{
"vendor": "Siemens",
"product": "Desigo CC",
"versions": [
{
"version": "All versions",
"status": "affected"
}
]
},
{
"vendor": "Siemens",
"product": "Desigo CC Compact",
"versions": [
{
"version": "All versions",
"status": "affected"
}
]
},
{
"vendor": "Siemens",
"product": "SIMATIC WinCC OA V3.16",
"versions": [
{
"version": "All versions in default configuration",
"status": "affected"
}
]
},
{
"vendor": "Siemens",
"product": "SIMATIC WinCC OA V3.17",
"versions": [
{
"version": "All versions in non-default configuration",
"status": "affected"
}
]
},
{
"vendor": "Siemens",
"product": "SIMATIC WinCC OA V3.18",
"versions": [
{
"version": "All versions in non-default configuration",
"status": "affected"
}
]
}
]