OTPulse

Siemens Opcenter Quality

Plan PatchCVSS 9.6ICS-CERT ICSA-22-195-17Jul 12, 2022
Siemens
Attack path
Attack VectorAdjacent
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

Siemens Opcenter Quality versions 13.1 (before 13.1.20220624) and 13.2 (before 13.2.20220624) contain an authentication bypass vulnerability in the IbsGailWrapper-interface used by rich client modules. After a record is issued, the vulnerability allows unauthenticated access to application modules or denial of service for legitimate users. The issue affects installations configured with Encrypted=2 in ibs.config. Siemens has released patched versions and recommends immediate update or, if patching is delayed, replacement of IbsGailWrapper-DLLs and modification of security mode settings in consultation with Siemens support.

What this means
What could happen
An attacker could bypass authentication and gain unauthorized access to Opcenter Quality, allowing them to modify quality control records or disrupt process operations. This could result in undetected quality failures or operational downtime in manufacturing and product quality verification systems.
Who's at risk
This vulnerability affects manufacturing facilities, pharmaceutical companies, and other organizations using Siemens Opcenter Quality for quality management and control. It impacts anyone relying on this system to manage and verify product quality records and process compliance. Organizations in regulated industries (pharma, food, automotive) are especially at risk if quality records can be modified without authorization.
How it could be exploited
An attacker with network access to the Opcenter Quality application can submit a crafted record through the rich client modules using the IbsGailWrapper interface. After the record is issued, the authentication bypass vulnerability allows the attacker to access modules and perform actions without valid credentials.
Prerequisites
  • Network access to the Opcenter Quality application (typically local network)
  • Ability to issue a record to trigger the vulnerability condition
  • Installation must use Encrypted=2 configuration in ibs.config
remotely exploitableno authentication required after vulnerability triggerlow complexityaffects quality assurance systemsconfiguration-dependent (Encrypted=2)
Exploitability
Unlikely to be exploited — EPSS score 0.6%
Affected products (2)
2 with fix
ProductAffected VersionsFix Status
Opcenter Quality V13.1<V13.1.2022062413.1.20220624
Opcenter Quality V13.2<V13.2.2022062413.2.20220624
Remediation & Mitigation
0/6
Do now
0/2
WORKAROUNDIf immediate patching is not possible and your system uses Encrypted=2 configuration, contact Siemens support to change the secure mode of your installation
WORKAROUNDReplace IbsGailWrapper-DLLs as a short-term mitigation while awaiting patch deployment
Schedule — requires maintenance window
0/2

Patching may require device reboot — plan for process interruption

Opcenter Quality V13.1
HOTFIXUpdate Opcenter Quality V13.1 to version 13.1.20220624 or later
Opcenter Quality V13.2
HOTFIXUpdate Opcenter Quality V13.2 to version 13.2.20220624 or later
Long-term hardening
0/2
HARDENINGRestrict network access to Opcenter Quality servers through firewall rules and segmentation
HARDENINGImplement industrial security best practices per Siemens operational guidelines and product manuals
View full CISA ICS-CERT advisory
API: /api/v1/advisories/9552f6a9-2367-455c-b183-295559ab63a7

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.