SSA-246355

Siemens Security Advisory by Siemens ProductCERT

SSA-246355: Multiple Vulnerabilities in Tableau Server Component of Opcenter Intelligence

Publication Date:	2025-02-11
Last Update:	2025-02-11
Current Version:	V1.0
CVSS v3.1 Base Score:	10.0
CVSS v4.0 Base Score:	9.4

SUMMARY

The Tableau Server component in Opcenter Intelligence contains multiple vulnerabilities as described below.

Siemens has released a new version for Opcenter Intelligence and recommends to update to the latest version and to install the latest available version of Tableau Server as described in https://support.sw.siemens.com/knowledge-base/PL8822108.

AFFECTED PRODUCTS AND SOLUTION

Un-/Collapse All

Affected Product and Versions	Remediation
Opcenter Intelligence All versions < V2501 affected by all CVEs CVE-2022-22127 CVE-2022-22128 CVE-2023-46604 CVE-2025-26490 CVE-2025-26491	Update to V2501 or later version and install the latest available version of Tableau Server as described in https://support.sw.siemens.com/knowledge-base/PL8822108 https://support.sw.siemens.com/product/287414453/

WORKAROUNDS AND MITIGATIONS

Product-specific remediations or mitigations can be found in the section Affected Products and Solution.
Please follow the General Security Recommendations.

GENERAL SECURITY RECOMMENDATIONS

As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

PRODUCT DESCRIPTION

Opcenter Intelligence (formerly known as "Manufacturing Intelligence") connects, organizes and aggregates manufacturing data from disparate company sources into cohesive, intelligent and contextualized information.

VULNERABILITY DESCRIPTION

Un-/Collapse All

This chapter describes all vulnerabilities (CVE-IDs) addressed in this security advisory. Wherever applicable, it also documents the product-specific impact of the individual vulnerabilities.

Vulnerability CVE-2022-22127

Tableau is aware of a broken access control vulnerability present in Tableau Server affecting Tableau Server customers using Local Identity Store for managing users. The vulnerability allows a malicious site administrator to change passwords for users in different sites hosted on the same Tableau Server, resulting in the potential for unauthorized access to data.Tableau Server versions affected are:2020.4.16, 2021.1.13, 2021.2.10, 2021.3.9, 2021.4.4 and earlierNote: All future releases of Tableau Server will address this security issue. Versions that are no longer supported are not tested and may be vulnerable.

CVSS v3.1 Base Score	7.7
CVSS v3.1 Vector	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N
CWE	CWE-287: Improper Authentication

Vulnerability CVE-2022-22128

Tableau discovered a path traversal vulnerability affecting Tableau Server Administration Agent’s internal file transfer service that could allow remote code execution.Tableau only supports product versions for 24 months after release. Older versions have reached their End of Life and are no longer supported. They are also not assessed for potential security issues and do not receive security updates.

CVSS v3.1 Base Score	9.0
CVSS v3.1 Vector	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE	CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Vulnerability CVE-2023-46604

The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue.

CVSS v3.1 Base Score	10.0
CVSS v3.1 Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
CWE	CWE-502: Deserialization of Untrusted Data

Product-Specific Vulnerability Description

For the following products, the impact of the vulnerability is different.

Opcenter Intelligence:

Impact of this vulnerability to Tableau Server as described in https://kb.tableau.com/articles/Issue/remote-code-execution-rce-vulnerability-impacting-apache-activemq-clients:

On November 2, 2023, Apache announced the discovery of CVE-2023-46604, a Remote Code Execution (RCE) vulnerability impacting Apache ActiveMQ clients. As a result of this issue, a remote threat actor with network access to either a Java-based OpenWire broker or client could execute a RCE to run arbitrary shell commands.

CVSS v3.1 Base Score	9.6
CVSS v3.1 Vector	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVSS v4.0 Base Score	9.4
CVSS v4.0 Vector	CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Vulnerability CVE-2025-26490

Personal access token disclosure vulnerability in Tableau Server. For details go to help.salesforce.com and search for knowledge article id 000390611.

CVSS v3.1 Base Score	4.9
CVSS v3.1 Vector	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CWE	CWE-532: Insertion of Sensitive Information into Log File

Vulnerability CVE-2025-26491

Server-side request forgery (SSRF) vulnerability in Tableau Server. For details go to help.salesforce.com and search for knowledge article id 001534936.

CVSS v3.1 Base Score	7.7
CVSS v3.1 Vector	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CWE	CWE-918: Server-Side Request Forgery (SSRF)

ADDITIONAL INFORMATION

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

HISTORY DATA

V1.0 (2025-02-11):

Publication date

The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.