Full Report
The products listed below contain two authentication bypass vulnerabilities in the OPC UA server component that could allow a remote attacker to gain access to the data managed by the server. Siemens has released new versions for several affected products and recommends updating to the latest versions. Siemens is preparing further fix versions and recommends countermeasures (workarounds) for products where fixes are not, or not yet, available.
Analysis Summary
# Vulnerability: Authentication Bypass in Siemens OPC UA Implementation
## CVE Details
* **CVE ID:** CVE-2024-42513
* **CVSS Score:** 9.1 (Critical)
* **Vector:** CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* **CWE:** CWE-305 (Authentication Bypass by Primary Weakness)
* **CVE ID:** CVE-2024-42512
* **CVSS Score:** 7.4 (High)
* **Vector:** CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* **CWE:** CWE-208 (Observable Timing Discrepancy)
## Affected Systems
* **Industrial Edge for Machine Tools:** All versions (CVE-2024-42513 only)
* **SIMATIC Energy Manager PRO:**
  * V7.2 & V7.3: All versions
  * V7.4 & V7.5: Versions < V7.5 Update 2
* **SIMATIC IPC DiagMonitor:** All versions (CVE-2024-42513 only)
* **SIMATIC WinCC V8.0:** Versions < V8.0 Update 3 (CVE-2024-42513 only)
* **SIMATIC WinCC Unified (TIA Portal):**
  * V18: All versions
  * V19: Versions < V19 Update 4
* **SIMIT V11:** Versions < V11.3 (CVE-2024-42512 only)

Products listed without a CVE annotation are affected by both CVEs.
## Vulnerability Description
Both flaws reside in the **OPC UA .NET Standard Stack** (prior to v1.5.374.158) that the listed Siemens products embed. The advisory describes the exposure conditions rather than the exploitation mechanics, so the two bullets below state what is known from the advisory:
* **CVE-2024-42513:** Specifically affects **HTTPS endpoints** (`https://` / `opc.https://` base addresses). An unauthenticated remote attacker can bypass application authentication entirely. Servers that only expose `opc.tcp://` endpoints are not reachable through this flaw, which is why the HTTPS endpoint being disabled by default matters in the workarounds below.
* **CVE-2024-42512:** Affects servers that still enable the **Basic128Rsa15** security policy, which the OPC Foundation has deprecated because it relies on SHA-1 signatures and RSA PKCS#1 v1.5 encryption. The flaw is an observable timing discrepancy (CWE-208) that can be leveraged to bypass authentication; the high attack complexity in the CVSS vector reflects that a timing side channel must be measured over the network.
## Exploitation
* **Status:** No reports of exploitation in the wild at this time; PoC availability not explicitly confirmed in the advisory.
* **Complexity:**
* CVE-2024-42513: **Low**
* CVE-2024-42512: **High**
* **Attack Vector:** Network (Remote)
## Impact
* **Confidentiality:** High (Attacker can access data managed by the server)
* **Integrity:** High (Attacker can potentially modify data)
* **Availability:** None reported (The flaw focuses on access control bypass)
## Remediation
### Patches
* **SIMATIC Energy Manager PRO V7.4/V7.5:** Update to V7.5 Update 2 or later.
* **SIMATIC WinCC V8.0:** Update to V8.0 Update 3 or later.
* **SIMATIC WinCC Unified V19:** Update to V19 Update 4 or later.
* **SIMIT V11:** Update to V11.3 or later.
* **No fix available at the time of the advisory:** Industrial Edge for Machine Tools, SIMATIC IPC DiagMonitor, SIMATIC Energy Manager PRO V7.2/V7.3 and SIMATIC WinCC Unified V18. Siemens is preparing further fix versions; apply the workarounds below until one is released.
### Workarounds
* **Disable HTTPS Endpoints:** For WinCC Unified RT and SIMATIC IPC DiagMonitor, the affected HTTPS endpoint is **deactivated by default**. Ensure it remains disabled unless required. Because CVE-2024-42513 is specific to the HTTPS transport, removing the HTTPS endpoint does not affect clients that connect over `opc.tcp://`.
* **Disable Deprecated Policies:** For CVE-2024-42512, disable the "Basic128Rsa15" security policy in the OPC UA server configuration and keep only current policies (Basic256Sha256, Aes128_Sha256_RsaOaep, Aes256_Sha256_RsaPss). Caveat: any legacy client that only supports Basic128Rsa15 will no longer be able to open a secure channel, so inventory clients before making the change.
* **Network Segmentation:** Restrict access to the OPC UA ports (by default 4840 for opc.tcp and 4843 for HTTPS; the actual ports are product and configuration specific) to trusted client IP addresses only.
* **Defense in Depth:** Follow Siemens' general security recommendations for industrial environments (operational guidelines for industrial security, cell protection, and placing OPC UA servers behind firewalls or VPN access).
## Detection
* **Indicators of Compromise:** Monitor for connections to OPC UA HTTPS endpoints (and, for CVE-2024-42512, secure channels negotiated with the Basic128Rsa15 policy) from hosts that are not on the client allowlist, and for sessions that become active without a corresponding successful user authentication. Where the product exposes OPC UA audit events (for example the standard session audit event types), forward them to the SIEM; otherwise rely on firewall and flow logs for the OPC UA ports.
* **Configuration Review:** Audit OPC UA server configurations to identify whether HTTPS base addresses or the Basic128Rsa15 policy are enabled on vulnerable versions. A server that has neither enabled is not exposed to either CVE, but should still be updated when a fix is available.
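The following is an added example (not from the Siemens advisory or the OPC Foundation code base) that turns the two workarounds above and the configuration-review step into a repeatable check. It parses an OPC UA .NET Standard Stack style `ApplicationConfiguration` XML file (the layout used by the stack's reference server configuration: `ServerConfiguration/BaseAddresses` and `ServerConfiguration/SecurityPolicies`) and reports HTTPS base addresses (CVE-2024-42513 exposure) and any `ServerSecurityPolicy` entry using Basic128Rsa15 (CVE-2024-42512 exposure). The two embedded configurations are constructed samples; whether a given Siemens product stores its OPC UA settings in this exact XML schema is an assumption, so adapt the XPath expressions to the product's actual configuration format.

```python
"""Audit an OPC UA .NET Standard Stack style configuration for the two
settings covered by SSA-858251 (added example; assumes the reference
server's ApplicationConfiguration XML layout)."""
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {
    "cfg": "http://opcfoundation.org/UA/SDK/Configuration.xsd",
    "ua": "http://opcfoundation.org/UA/2008/02/Types.xsd",
}
BASIC128RSA15 = "http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15"
HTTPS_SCHEMES = ("https", "opc.https")  # both schemes denote the HTTPS transport


def audit_config(xml_text: str) -> dict:
    """Return the HTTPS base addresses and Basic128Rsa15 policies found."""
    root = ET.fromstring(xml_text.strip())
    https_endpoints = []
    for addr in root.findall("./cfg:ServerConfiguration/cfg:BaseAddresses/ua:String", NS):
        url = (addr.text or "").strip()
        if urlparse(url).scheme.lower() in HTTPS_SCHEMES:
            https_endpoints.append(url)
    weak_policies = []
    for pol in root.findall("./cfg:ServerConfiguration/cfg:SecurityPolicies/cfg:ServerSecurityPolicy", NS):
        uri = pol.findtext("cfg:SecurityPolicyUri", default="", namespaces=NS).strip()
        mode = pol.findtext("cfg:SecurityMode", default="", namespaces=NS).strip()
        if uri == BASIC128RSA15:
            weak_policies.append((mode, uri))
    return {"https_endpoints": https_endpoints, "basic128rsa15_policies": weak_policies}


def exposed_cves(findings: dict) -> list:
    """Map findings to the CVEs the configuration is exposed to. Note: this
    reports exposure by configuration only; an un-patched stack with neither
    setting enabled still needs the vendor update once it is available."""
    cves = []
    if findings["https_endpoints"]:
        cves.append("CVE-2024-42513")
    if findings["basic128rsa15_policies"]:
        cves.append("CVE-2024-42512")
    return cves


# Constructed sample: HTTPS endpoint enabled and Basic128Rsa15 still offered.
WEAK_CONFIG = """
<ApplicationConfiguration xmlns="http://opcfoundation.org/UA/SDK/Configuration.xsd"
                          xmlns:ua="http://opcfoundation.org/UA/2008/02/Types.xsd">
  <ServerConfiguration>
    <BaseAddresses>
      <ua:String>opc.tcp://plc-host:4840/UA/Server</ua:String>
      <ua:String>https://plc-host:4843/UA/Server</ua:String>
    </BaseAddresses>
    <SecurityPolicies>
      <ServerSecurityPolicy>
        <SecurityMode>SignAndEncrypt_3</SecurityMode>
        <SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15</SecurityPolicyUri>
      </ServerSecurityPolicy>
      <ServerSecurityPolicy>
        <SecurityMode>SignAndEncrypt_3</SecurityMode>
        <SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256</SecurityPolicyUri>
      </ServerSecurityPolicy>
    </SecurityPolicies>
  </ServerConfiguration>
</ApplicationConfiguration>
"""

# Constructed sample after applying both workarounds: opc.tcp only, current policies only.
HARDENED_CONFIG = """
<ApplicationConfiguration xmlns="http://opcfoundation.org/UA/SDK/Configuration.xsd"
                          xmlns:ua="http://opcfoundation.org/UA/2008/02/Types.xsd">
  <ServerConfiguration>
    <BaseAddresses>
      <ua:String>opc.tcp://plc-host:4840/UA/Server</ua:String>
    </BaseAddresses>
    <SecurityPolicies>
      <ServerSecurityPolicy>
        <SecurityMode>SignAndEncrypt_3</SecurityMode>
        <SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256</SecurityPolicyUri>
      </ServerSecurityPolicy>
      <ServerSecurityPolicy>
        <SecurityMode>SignAndEncrypt_3</SecurityMode>
        <SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#Aes128_Sha256_RsaOaep</SecurityPolicyUri>
      </ServerSecurityPolicy>
    </SecurityPolicies>
  </ServerConfiguration>
</ApplicationConfiguration>
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        findings = audit_config(cfg)
        print(name, findings, "->", exposed_cves(findings) or "no exposure found")
```

Run it against the exported configuration of each OPC UA server in scope; any `CVE-2024-42513` hit means an HTTPS base address is still configured, and any `CVE-2024-42512` hit means Basic128Rsa15 is still offered to clients. An `opc.https://` address is treated the same as `https://`, since the stack accepts both spellings for the HTTPS transport.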
## References
* **Siemens Advisory:** hxxps://cert-portal[.]siemens[.]com/productcert/pdf/ssa-858251[.]pdf
* **Siemens ProductCERT:** hxxps://www[.]siemens[.]com/cert/advisories