all InfoSec news
SSA-111512 V1.0: Client-side Authentication in SIMATIC WinCC OA
June 21, 2022, midnight |
Siemens ProductCERT Security Advisories cert-portal.siemens.com
SIMATIC WinCC OA implements client-side only authentication, when neither server-side authentication (SSA) nor Kerberos authentication is enabled. In this configuration, attackers could impersonate other users or exploit the client-server protocol without being authenticated.
Siemens recommends to enable server-side authentication (SSA) or Kerberos authentication for all WinCC OA projects, as documented in the WinCC OA Security Guideline. In SIMATIC WinCC OA server-side authentication is available since V3.15 (and offered as the default configuration since V3.17). Additional information can be found at: …
More from cert-portal.siemens.com / Siemens ProductCERT Security Advisories
Jobs in InfoSec / Cybersecurity
Cybersecurity Skills Challenge -- Sponsored by DoD
@ Correlation One | United States
Security Operations Center (SOC) Analyst
@ GK Cybersecurity Group | Remote
Azure Security Architect
@ First Quality | Remote US - Eastern or Central Timezone
Threat Intelligence Analyst
@ Atos | Remote Home, HOME (England & Wales), GB, Remote Hom
Alternance (F/H) Hardening, migration cloud et containerisation d'un application windows
@ Alstom | Villeurbanne, FR
Security Specialist / Analist (CIT)
@ Lely | Maassluis, Netherlands