Siemens Opcenter Quality

Source: All CISA Advisories | Added:

Siemens Opcenter Quality has multiple vulnerabilities, including incorrect authorization and insufficient encryption, which could allow attackers to gain unauthorized access to sensitive information and compromise data integrity. As of January 10, 2023, CISA will not provide further updates on these vulnerabilities, and users are advised to refer to Siemens' ProductCERT for the latest information.

---

Impact: Siemens SmartClient modules Opcenter QL Home, Siemens SOA Audit, Siemens SOA Cockpit

In the Wild: Unknown

Age: Newly disclosed

Remediation: Update to V2506 or later version, operate SmartClient in a secured network, remove tools allowing SOAP-service calls outside SmartClient, follow hardening instructions in security concept.

Read Full Original Article →