CVE-2022-33736

EPSS 0.6%
Veröffentlicht 12.07.2022 10:15:10
Zuletzt bearbeitet 21.11.2024 07:08:26
Quelle productcert@siemens.com
Teams Watchlist Login
Unerledigt Login

A vulnerability has been identified in Opcenter Quality V13.1 (All versions < V13.1.20220624), Opcenter Quality V13.2 (All versions < V13.2.20220624). The affected applications do not properly validate login information during authentication. This could lead to denial of service condition for existing users or allow unauthenticated remote attackers to successfully login without credentials.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Siemens ≫ Opcenter Quality Version >= 13.1.0 < 13.1.20220624

Siemens ≫ Opcenter Quality Version >= 13.2.0 < 13.2.20220624

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.6%	0.684

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

CWE-303 Incorrect Implementation of Authentication Algorithm

The requirements for the product dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect.

https://cert-portal.siemens.com/productcert/pdf/ssa-944952.pdf

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-33736

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-33736

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-33736

EUVD