Affected devices do not properly enforce user authentication on specific API endpoints. This could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Successful exploitation requires that the attacker has learned the identity of a legitimate user.
Devices improperly enforce user authentication on specific API endpoints, allowing an attacker to access protected resources without providing valid credentials. The vulnerability is classified as CWE-639 (Authorization Bypass Through User-Controlled Key), meaning an attacker can specify another user's identifier and gain access on their behalf. A necessary condition for a successful attack is prior knowledge of the identity (identifier) of a legitimate system user.
An attacker can impersonate a legitimate user and gain unauthorized access to system functions and data, which may lead to complete compromise of confidentiality, integrity, and availability of both the attacked device and related systems.
Apply patches available from the manufacturer according to the following references: https://cert-portal.siemens.com/productcert/html/ssa-001536.html and https://cert-portal.siemens.com/productcert/html/ssa-014678.html. Until the patch is deployed, it is recommended to restrict network access to vulnerable API endpoints through a firewall or network segmentation.
Siemens devices specified in manufacturer references (SSA-001536, SSA-014678) — specific models and versions should be verified in Siemens ProductCERT security advisories
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X