VDB
SSA-858251
SSA-858251
PUBLISHED
CVSS 7.400000095367432 HIGH
Vulnerability in the OPC UA .NET Standard Stack before 1.5.374.158 allows an unauthorized attacker to bypass application authentication when the deprecated Basic128Rsa15 security policy is enabled.
Risk Scores
CVSS 3.1
7.400000095367432
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | SIMATIC Energy Manager PRO V7.4 | |
| Siemens | SIMATIC WinCC Unified V19 | |
| Siemens | SIMATIC IPC DiagMonitor | |
| Siemens | SIMIT V11 | |
| Siemens | Industrial Edge for Machine Tools (formerly known as "SINUMERIK Edge") | |
| Siemens | SIMATIC Energy Manager PRO V7.5 | |
| Siemens | SIMATIC Energy Manager PRO V7.3 | |
| Siemens | SIMATIC WinCC Unified V18 | |
| Siemens | SIMATIC Energy Manager PRO V7.2 | |
| Siemens | SIMATIC WinCC V8.0 |
Timeline
- Mar 11, 2025 CVE Published
- Jan 13, 2026 CVE Updated
References
- https://cert-portal.siemens.com/productcert/csaf/ssa-858251.json advisory
- https://cert-portal.siemens.com/productcert/html/ssa-858251.html advisory
- https://support.industry.siemens.com/cs/ww/en/view/109987184/ patch
- https://support.industry.siemens.com/cs/ww/en/view/109997044/ patch
- https://support.industry.siemens.com/cs/ww/en/view/109996728/ patch
- https://support.industry.siemens.com/cs/ww/en/view/109925643/ patch
- https://support.industry.siemens.com/cs/ww/en/view/109818723/ patch