OTPulse

Authentication Bypass Vulnerability in Opcenter Quality

Plan Patch | 9.6 | SSA-944952 | Jul 12, 2022
Attack Vector: Adjacent
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Siemens Opcenter Quality versions prior to 13.1.20220624 and 13.2.20220624 contain an authentication bypass vulnerability in rich client modules that use the IbsGailWrapper interface. After a record is issued, the bypass can be triggered on any module using this interface, allowing unauthenticated access to the application or causing denial of service for legitimate users.

What this means
What could happen
An attacker on your network could bypass authentication to Opcenter Quality and access the application without valid credentials, potentially viewing or altering quality control data, or they could disrupt service for legitimate users.
Who's at risk
Manufacturing organizations using Siemens Opcenter Quality for production data management and quality control. This affects any facility relying on Opcenter Quality for traceability, lot tracking, or compliance record management.
How it could be exploited
An attacker with network access to an Opcenter Quality instance could interact with the IbsGailWrapper interface in the rich client modules to bypass authentication checks. Once a record is issued, the authentication bypass can be triggered on any module that uses this interface.
Prerequisites
  • Network access to Opcenter Quality application on affected versions
  • No credentials required
Tags: remotely exploitable, no authentication required, low complexity, affects data integrity and availability
Exploitability
Low exploit probability (EPSS 0.6%)
Affected products (2)
2 with fix
Product | Affected Versions | Fix Status
Opcenter Quality V13.1 | All versions < V13.1.20220624 | 13.1.20220624
Opcenter Quality V13.2 | < V13.2.20220624 | 13.2.20220624
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

Opcenter Quality V13.1
HOTFIX: Update Opcenter Quality V13.1 to version 13.1.20220624 or later
Opcenter Quality V13.2
HOTFIX: Update Opcenter Quality V13.2 to version 13.2.20220624 or later
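
To plan the patch work, an asset inventory can be checked against the fixed builds listed above. The following is an added example, not code from Siemens or from this advisory; it assumes version strings of the form major.minor.build with an optional "V" prefix, and the hostnames and sample versions are constructed.

```python
import re

# Fixed builds per release branch, taken from the advisory's affected-products table.
FIXED_BUILDS = {(13, 1): 20220624, (13, 2): 20220624}

# Assumed format: optional "V", then major.minor.build (build is a date stamp).
_VERSION_RE = re.compile(r"^[Vv]?(\d+)\.(\d+)\.(\d+)$")


def classify(version: str) -> str:
    """Return 'vulnerable', 'fixed', 'not-listed' or 'unparseable'."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        return "unparseable"
    major, minor, build = (int(g) for g in m.groups())
    fixed = FIXED_BUILDS.get((major, minor))
    if fixed is None:
        # Branch is not in the advisory's table; do not assume it is safe.
        return "not-listed"
    return "vulnerable" if build < fixed else "fixed"


def triage(inventory):
    """Map each (host, version) row to a status; anything not 'fixed' needs review."""
    return {host: classify(version) for host, version in inventory}


# Constructed sample inventory (hostnames and versions are made up for illustration).
SAMPLE_INVENTORY = [
    ("qa-client-01", "V13.1.20220311"),
    ("qa-client-02", "13.1.20220624"),
    ("qa-server-01", "V13.2.20220601"),
    ("qa-server-02", "13.2.20221115"),
    ("qa-legacy-01", "V12.3.20210101"),
    ("qa-unknown-01", "13.2"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        flag = "" if status == "fixed" else "  <-- review"
        print(f"{host:15} {status}{flag}")
```

Hosts reported as "not-listed" or "unparseable" are outside what the advisory's table covers and need a manual check rather than being treated as patched.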