OTPulse

Authentication Bypass Vulnerabilities in OPC UA

Act Now · CVSS 9.1 · SSA-858251 · Mar 11, 2025
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Two authentication bypass vulnerabilities in the OPC UA implementation allow attackers to gain unauthorized access to Siemens automation servers without valid credentials. Affected products include SIMATIC Energy Manager PRO (V7.2–V7.5), SIMIT (V11), SIMATIC IPC DiagMonitor, SIMATIC WinCC Unified (V18–V19), and SIMATIC WinCC V8.0. An attacker with network access to the OPC UA service can read or modify process data and server functionality. Siemens has released fixes in Energy Manager PRO V7.4 Update 7 and V7.5 Update 2, SIMIT 11.3, WinCC Unified V19 Update 4, and WinCC V8.0 Update 3. For the older Energy Manager PRO versions (V7.2, V7.3), IPC DiagMonitor, WinCC Unified V18, and Industrial Edge for Machine Tools, no fix is currently available.

What this means
What could happen
An attacker with network access to OPC UA can bypass authentication and gain unauthorized access to industrial automation servers, potentially reading sensitive process data, modifying control parameters, or disrupting operations across energy and manufacturing plants.
Who's at risk
Energy utilities and manufacturing plants running Siemens automation software should be concerned, particularly those using SIMATIC Energy Manager PRO, SIMIT simulation software, SIMATIC IPC DiagMonitor, SIMATIC WinCC Unified, or Industrial Edge for Machine Tools. Any facility relying on one of these products' OPC UA interfaces for SCADA, energy management, or machine control is affected.
How it could be exploited
An attacker sends a specially crafted OPC UA request to an affected server on the network without providing valid credentials. The authentication bypass vulnerabilities (CWE-305, CWE-208) allow the attacker to establish a connection and access the server's functionality as if they were an authorized user. No user interaction is required.
Prerequisites
  • Network access to OPC UA port (typically port 4840 or custom configured port)
  • Target device running affected Siemens product version
  • OPC UA interface enabled on the device
  • remotely exploitable
  • no authentication required
  • low complexity
  • critical severity (CVSS 9.1)
  • affects multiple product families
  • no patch available for several products
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (10)
5 with fix, 5 EOL
Product | Affected Versions | Fix Status
Industrial Edge for Machine Tools (formerly known as "SINUMERIK Edge") | All versions | No fix (EOL)
SIMATIC Energy Manager PRO V7.4 | All versions ≥ V7.4 Update 0 < V7.4 Update 7 | 7.4 Update 7
SIMATIC Energy Manager PRO V7.5 | All versions ≥ V7.5 Update 0 < V7.5 Update 2 | 7.5 Update 2
SIMIT V11 | < 11.3 | 11.3
SIMATIC WinCC Unified V19 | All versions < V19 Update 4 | 19 Update 4
SIMATIC WinCC V8.0 | All versions < V8.0 Update 3 | 8.0 Update 3
SIMATIC Energy Manager PRO V7.2 | All versions | No fix (EOL)
SIMATIC Energy Manager PRO V7.3 | All versions | No fix (EOL)
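An added example (not part of this advisory or of any Siemens tool) that encodes the affected version lines and fix versions from the table above as an asset-inventory check: it normalises Siemens-style version strings ("V7.4 Update 7", "V19 Update 4", "11.2") into comparable tuples and classifies each host as fixed, affected, or affected with no fix available. The inventory rows are constructed sample data, and the assumption is that inventory version strings follow the advisory's own notation.

```python
import re

# Rules transcribed from the advisory table above; fix None = no fix (EOL),
# version line None = all versions of the product are affected.
ADVISORY_RULES = [
    ("SIMATIC Energy Manager PRO", "V7.2", None),
    ("SIMATIC Energy Manager PRO", "V7.3", None),
    ("SIMATIC Energy Manager PRO", "V7.4", "V7.4 Update 7"),
    ("SIMATIC Energy Manager PRO", "V7.5", "V7.5 Update 2"),
    ("SIMIT", "V11", "11.3"),
    ("SIMATIC WinCC Unified", "V18", None),
    ("SIMATIC WinCC Unified", "V19", "V19 Update 4"),
    ("SIMATIC WinCC", "V8.0", "V8.0 Update 3"),
    ("SIMATIC IPC DiagMonitor", None, None),
    ("Industrial Edge for Machine Tools", None, None),
]

def parse_version(text):
    """'V7.4 Update 7', 'V19 Update 4' or '11.2' -> (major, minor, update)."""
    m = re.fullmatch(r"\s*V?(\d+)(?:\.(\d+))?(?:\s+Update\s+(\d+))?\s*", text, re.I)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) if g else 0 for g in m.groups())  # missing parts -> 0

def on_version_line(installed, line):
    """'V7.4' matches any 7.4.x, 'V11' any 11.x, None ('All versions') matches all."""
    parts = tuple(int(p) for p in line.lstrip("V").split(".")) if line else ()
    return installed[: len(parts)] == parts

def assess(product, installed_version):
    """Return 'fixed', 'affected', 'affected-no-fix' or 'not-listed'."""
    installed = parse_version(installed_version)
    for rule_product, line, fixed in ADVISORY_RULES:
        if rule_product != product or not on_version_line(installed, line):
            continue
        if fixed is None:
            return "affected-no-fix"
        return "fixed" if installed >= parse_version(fixed) else "affected"
    return "not-listed"

# Constructed sample inventory: hostnames are placeholders, not real assets.
INVENTORY = [
    ("ems-01", "SIMATIC Energy Manager PRO", "V7.4 Update 6"),
    ("ems-02", "SIMATIC Energy Manager PRO", "V7.5 Update 2"),
    ("sim-01", "SIMIT", "11.2"),
    ("ipc-01", "SIMATIC IPC DiagMonitor", "V5.1"),
]

def triage(inventory=INVENTORY):
    """Host -> status; 'affected-no-fix' hosts get the network-access workaround."""
    return {host: assess(prod, ver) for host, prod, ver in inventory}
```

Hosts reported as "affected-no-fix" are the ones the workaround section applies to (restrict or disable OPC UA network access), while "affected" hosts go on the patch schedule.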
Remediation & Mitigation
Do now
SIMATIC Energy Manager PRO V7.2
WORKAROUND: For products with no fix available (SIMATIC Energy Manager PRO V7.2, V7.3, Industrial Edge for Machine Tools, SIMATIC IPC DiagMonitor, SIMATIC WinCC Unified V18), disable OPC UA network access or restrict it to trusted networks only via firewall rules
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

SIMATIC Energy Manager PRO V7.4
HOTFIX: Update SIMATIC Energy Manager PRO V7.4 to Update 7 or later
SIMATIC Energy Manager PRO V7.5
HOTFIX: Update SIMATIC Energy Manager PRO V7.5 to Update 2 or later
SIMATIC WinCC Unified V19
HOTFIX: Update SIMATIC WinCC Unified V19 to Update 4 or later
SIMATIC WinCC V8.0
HOTFIX: Update SIMATIC WinCC V8.0 to Update 3 or later
SIMIT V11
HOTFIX: Update SIMIT to version 11.3 or later
Mitigations - no patch available
The following products have reached End of Life with no planned fix: Industrial Edge for Machine Tools (formerly known as "SINUMERIK Edge"), SIMATIC Energy Manager PRO V7.2, SIMATIC Energy Manager PRO V7.3, SIMATIC IPC DiagMonitor, SIMATIC WinCC Unified V18. Apply the following compensating controls:
HARDENING: Implement network segmentation to isolate OPC UA servers from untrusted networks and require VPN or jump-server access for remote administration