Multiple Vulnerabilities in Tableau Server Component of Opcenter Intelligence

Act NowCVSS 9.6SSA-246355Feb 11, 2025

Siemens

Attack path

Attack VectorAdjacent

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Multiple vulnerabilities exist in the Tableau Server component embedded in Opcenter Intelligence versions prior to V2501. These include authentication bypass (CWE-287), path traversal (CWE-22), insecure deserialization (CWE-502), server-side request forgery (CWE-918), and exposure of sensitive data (CWE-312). An unauthenticated attacker with network access could exploit these to execute code, access sensitive manufacturing data, or disrupt operations. Siemens has released version 2501 with fixes and recommends updating both Opcenter Intelligence and the bundled Tableau Server to their latest versions.

What this means

What could happen

An attacker with network access to Opcenter Intelligence could bypass authentication, access or modify sensitive production data, execute arbitrary code, or disrupt manufacturing intelligence operations that depend on real-time analytics.

Who's at risk

Organizations using Siemens Opcenter Intelligence for production analytics and manufacturing intelligence should prioritize this vulnerability. This affects facilities that rely on Opcenter for real-time process monitoring, production tracking, or batch intelligence across discrete and process manufacturing environments.

How it could be exploited

An attacker on the same network segment (or with network access to the Opcenter Intelligence server) could exploit missing authentication checks or unsafe deserialization in the Tableau Server component to execute commands, read configuration files, or access manufacturing process data without credentials.

Prerequisites

Network access to Opcenter Intelligence server (port 80/443 or Tableau Server port)
No valid credentials required (authentication bypass vulnerabilities)
System running affected version (< V2501)

remotely exploitableno authentication requiredactively exploited (KEV)high EPSS score (94.4%)affects critical manufacturing analytics

Exploitability

Actively exploited — confirmed by CISA KEV

Metasploit module available — weaponized exploitView module ↗

Public Proof-of-Concept (PoC) on GitHub (10 repositories)

Affected products (1)

ProductAffected VersionsFix Status

Opcenter Intelligence< V25012501

Remediation & Mitigation

0/4

Do now

0/4

HOTFIXUpdate Opcenter Intelligence to version 2501 or later

HOTFIXInstall the latest available version of Tableau Server for Opcenter Intelligence as described in Siemens knowledge base PL8822108

WORKAROUNDRestrict network access to Opcenter Intelligence server to authorized engineering and analytics workstations only; block direct access from untrusted networks

HARDENINGImplement network segmentation to isolate Opcenter Intelligence from production OT networks until patches are applied

CVEs (5)

CVE-2022-22127 CVE-2022-22128 CVE-2023-46604 CVE-2025-26494 CVE-2025-26495

View full Siemens ProductCERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/af639612-fe87-4036-9ee8-42d71caf3be3

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.