SSA-858251

Siemens Security Advisory by Siemens ProductCERT

SSA-858251: Authentication Bypass Vulnerabilities in OPC UA

Publication Date:	2025-03-11
Last Update:	2025-03-11
Current Version:	V1.0
CVSS v3.1 Base Score:	9.1

SUMMARY

The products listed below contain two authentication bypass vulnerabilities that could allow an attacker to gain access to the data managed by the server.

Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends countermeasures for products where fixes are not, or not yet available.

AFFECTED PRODUCTS AND SOLUTION

Un-/Collapse All

Affected Product and Versions	Remediation
Industrial Edge for Machine Tools (formerly known as "SINUMERIK Edge") All versions affected by CVE-2024-42513	Currently no fix is planned
SIMATIC BRAUMAT All versions >= V8.0 SP1 < V8.1 affected by CVE-2024-42513	Update to V8.1 or later version https://support.industry.siemens.com/cs/ww/en/view/109816925/
SIMATIC Energy Manager PRO	Open for details
SIMATIC Energy Manager PRO All versions >= V7.5 < V7.5 Update 2 affected by all CVEs CVE-2024-42512 CVE-2024-42513	Update to V7.5 Update 2 or later version https://support.industry.siemens.com/cs/ww/en/view/109976966/
SIMATIC Energy Manager PRO All versions >= V7.2 Update 6 affected by all CVEs CVE-2024-42512 CVE-2024-42513	Currently no fix is available
SIMATIC IPC DiagMonitor All versions affected by CVE-2024-42513	Currently no fix is planned Please note that the affected functionality (HTTPS endpoint in OPC UA Server) is deactivated by default. Systems running with default configuration are therefore not affected by this vulnerability.
SIMATIC SISTAR All versions >= V8.0 SP1 < V8.1 affected by CVE-2024-42513	Update to V8.1 or later version https://support.industry.siemens.com/cs/ww/en/view/109816925/
SIMATIC WinCC V8.0 All versions < V8.0 Update 3 affected by CVE-2024-42513	Update to V8.0 Update 3 or later version https://support.industry.siemens.com/cs/ww/en/view/109818723/
SIMIT V11 All versions affected by CVE-2024-42512	Currently no fix is available
Totally Integrated Automation Portal (TIA Portal)	Open for details Please note that the affected functionality (HTTPS endpoint in OPC UA Server) is deactivated by default in Unified RT. Systems running with default configuration are therefore not affected by this vulnerability.
Totally Integrated Automation Portal (TIA Portal) V18	Currently no fix is available Please note that the affected functionality (HTTPS endpoint in OPC UA Server) is deactivated by default in Unified RT. Systems running with default configuration are therefore not affected by this vulnerability.
SIMATIC WinCC Unified V18 All versions affected by CVE-2024-42513	Currently no fix is available Please note that the affected functionality (HTTPS endpoint in OPC UA Server) is deactivated by default in Unified RT. Systems running with default configuration are therefore not affected by this vulnerability.
Totally Integrated Automation Portal (TIA Portal) V19	Update to V19 Update 4 or later version Please note that the affected functionality (HTTPS endpoint in OPC UA Server) is deactivated by default in Unified RT. Systems running with default configuration are therefore not affected by this vulnerability. https://support.industry.siemens.com/cs/ww/en/view/109925643/
SIMATIC WinCC Unified V19 All versions < V19 Update 4 affected by CVE-2024-42513	Update to V19 Update 4 or later version Please note that the affected functionality (HTTPS endpoint in OPC UA Server) is deactivated by default in Unified RT. Systems running with default configuration are therefore not affected by this vulnerability. https://support.industry.siemens.com/cs/ww/en/view/109925643/

WORKAROUNDS AND MITIGATIONS

Product-specific remediations or mitigations can be found in the section Affected Products and Solution.
Please follow the General Security Recommendations.

GENERAL SECURITY RECOMMENDATIONS

As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

PRODUCT DESCRIPTION

SIMATIC BRAUMAT / SISTAR are industry-specific control systems especially for the control and monitoring of recipe-controlled production processes such as in the food, beverages and tobacco industries as well as for comparable batch-oriented production processes.

Industrial Edge represents an open, ready-to-use Edge computing platform consisting of Edge devices, Edge apps, Edge connectivity, and an application and device management infrastructure.

SIMATIC Energy Manager provides users with a scalable, non-sector-specific energy data management system.

SIMATIC IPC DiagMonitor monitors, reports, visualizes and logs the system states of the SIMATIC IPCs. It communicates with other systems and reacts when events occur.

SIMATIC WinCC is a supervisory control and data acquisition (SCADA) system.

SIMATIC WinCC Unified is a completely new visualization system that enables you to successfully master the challenges of digitization in machine and plant engineering.

SIMIT Simluation Platform allows the simulation of plant setups in order to anticipate faults in the early planning phase.

A combination of hardware and software, Siemens’ SINUMERIK Edge provides a machine-oriented platform for apps that facilitate digital production support and optimization.

VULNERABILITY DESCRIPTION

Un-/Collapse All

This chapter describes all vulnerabilities (CVE-IDs) addressed in this security advisory. Wherever applicable, it also documents the product-specific impact of the individual vulnerabilities.

Vulnerability CVE-2024-42512

Vulnerability in the OPC UA .NET Standard Stack before 1.5.374.158 allows an unauthorized attacker to bypass application authentication when the deprecated Basic128Rsa15 security policy is enabled.

CVSS v3.1 Base Score	7.4
CVSS v3.1 Vector	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:W/RC:C
CWE	CWE-208: Observable Timing Discrepancy

Vulnerability CVE-2024-42513

Vulnerability in the OPC UA .NET Standard Stack before 1.5.374.158 allows an unauthorized attacker to bypass application authentication when using HTTPS endpoints.

CVSS v3.1 Base Score	9.1
CVSS v3.1 Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:W/RC:C
CWE	CWE-305: Authentication Bypass by Primary Weakness

ADDITIONAL INFORMATION

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

HISTORY DATA

V1.0 (2025-03-11):

Publication Date

The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.