Siemens Opcenter Quality
Plan Patch | 9.6 | ICS-CERT ICSA-22-195-17 | Jul 12, 2022
Attack Vector: Adjacent
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Siemens Opcenter Quality versions 13.1 (before 13.1.20220624) and 13.2 (before 13.2.20220624) contain an authentication bypass vulnerability in the IbsGailWrapper-interface used by rich client modules. After a record is issued, the vulnerability allows unauthenticated access to application modules or denial of service for legitimate users. The issue affects installations configured with Encrypted=2 in ibs.config. Siemens has released patched versions and recommends immediate update or, if patching is delayed, replacement of IbsGailWrapper-DLLs and modification of security mode settings in consultation with Siemens support.
What this means
What could happen
An attacker could bypass authentication and gain unauthorized access to Opcenter Quality, allowing them to modify quality control records or disrupt process operations. This could result in undetected quality failures or operational downtime in manufacturing and product quality verification systems.
Who's at risk
This vulnerability affects manufacturing facilities, pharmaceutical companies, and other organizations using Siemens Opcenter Quality for quality management and control. It impacts anyone relying on this system to manage and verify product quality records and process compliance. Organizations in regulated industries (pharma, food, automotive) are especially at risk if quality records can be modified without authorization.
How it could be exploited
An attacker with network access to the Opcenter Quality application can submit a crafted record through the rich client modules using the IbsGailWrapper interface. After the record is issued, the authentication bypass vulnerability allows the attacker to access modules and perform actions without valid credentials.
Prerequisites
- Network access to the Opcenter Quality application (typically local network)
- Ability to issue a record to trigger the vulnerability condition
- Installation must use Encrypted=2 configuration in ibs.config
remotely exploitable | no authentication required after vulnerability trigger | low complexity | affects quality assurance systems | configuration-dependent (Encrypted=2)
Exploitability
Low exploit probability (EPSS 0.6%)
Affected products (2)
2 with fix
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| Opcenter Quality V13.1 | < V13.1.20220624 | 13.1.20220624 |
| Opcenter Quality V13.2 | < V13.2.20220624 | 13.2.20220624 |
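The two conditions in this advisory (a build older than the fixed one in the 13.1 or 13.2 line, and Encrypted=2 in ibs.config) can be checked across an inventory of installations. The following is an added example, not code from Siemens or from the advisory; it assumes ibs.config stores the setting as a plain key=value line and that each installed version is already known as a string. The function names and the sample inventory are constructed.

```python
import re

# Fixed builds per release line, from the advisory's affected-products table.
FIXED_BUILDS = {(13, 1): 20220624, (13, 2): 20220624}

def parse_version(text):
    """Parse '13.1.20220624' or 'V13.1.20220624' into ((major, minor), build)."""
    m = re.fullmatch(r"\s*[Vv]?(\d+)\.(\d+)\.(\d+)\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return (int(m.group(1)), int(m.group(2))), int(m.group(3))

def has_encrypted_2(config_text):
    """True if any active line sets Encrypted to 2.
    Assumption: ibs.config is key=value text and ';' or '#' start a comment.
    Matching is case- and whitespace-tolerant so the check errs towards flagging."""
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() == "encrypted" and value.strip() == "2":
            return True
    return False

def triage(version_text, config_text):
    """Classify one installation against the advisory's conditions."""
    release, build = parse_version(version_text)
    fixed = FIXED_BUILDS.get(release)
    if fixed is None:
        return "not-listed"        # release line not covered by this advisory
    if build >= fixed:
        return "patched"
    if has_encrypted_2(config_text):
        return "affected"          # pre-fix build with Encrypted=2
    return "vulnerable-build"      # pre-fix build, trigger setting not found

# Constructed inventory: host names, builds and config contents are made up.
INVENTORY = {
    "qm-line1": ("13.1.20220510", "[Security]\nEncrypted=2\n"),
    "qm-line2": ("V13.2.20220624", "Encrypted=2\n"),
    "qm-lab": ("13.2.20211101", "; Encrypted=2\nEncrypted = 1\n"),
}

if __name__ == "__main__":
    for host, (version, config) in INVENTORY.items():
        print(f"{host}: {triage(version, config)}")
```

A "vulnerable-build" result still calls for the update listed under Remediation; it only means the Encrypted=2 setting was not found in the config text supplied.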
Remediation & Mitigation
Do now
WORKAROUND: If immediate patching is not possible and your system uses Encrypted=2 configuration, contact Siemens support to change the secure mode of your installation
WORKAROUND: Replace IbsGailWrapper-DLLs as a short-term mitigation while awaiting patch deployment
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
Opcenter Quality V13.1
HOTFIX: Update Opcenter Quality V13.1 to version 13.1.20220624 or later
Opcenter Quality V13.2
HOTFIX: Update Opcenter Quality V13.2 to version 13.2.20220624 or later
Long-term hardening
HARDENING: Restrict network access to Opcenter Quality servers through firewall rules and segmentation
HARDENING: Implement industrial security best practices per Siemens operational guidelines and product manuals
CVEs (1)
API: /api/v1/advisories/9552f6a9-2367-455c-b183-295559ab63a7