Siemens Opcenter Quality

Do you want an email whenever new security vulnerabilities are reported in Siemens Opcenter Quality?

By the Year

In 2024 there have been 0 vulnerabilities in Siemens Opcenter Quality . Last year Opcenter Quality had 5 security vulnerabilities published. Right now, Opcenter Quality is on track to have less security vulnerabilities in 2024 than it did last year.

Year	Vulnerabilities	Average Score
2024	0	0.00
2023	5	7.48
2022	1	7.50
2021	1	9.80
2020	3	6.73
2019	0	0.00
2018	0	0.00

It may take a day or so for new Opcenter Quality vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Siemens Opcenter Quality Security Vulnerabilities

A vulnerability has been identified in Opcenter Quality (All versions < V2312)

CVE-2023-46282 6.1 - Medium - December 12, 2023

A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), SINUMERIK Integrate RunMyHMI /Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected applications that could allow an attacker to inject arbitrary JavaScript code. The code could be potentially executed later by another (possibly privileged) user.

XSS

A vulnerability has been identified in Opcenter Quality (All versions < V2312)

CVE-2023-46281 8.8 - High - December 12, 2023

A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), SINUMERIK Integrate RunMyHMI /Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). When accessing the UMC Web-UI from affected products, UMC uses an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted behavior.

Permissive Cross-domain Policy with Untrusted Domains

A vulnerability has been identified in Opcenter Quality (All versions < V2312)

CVE-2023-46285 7.5 - High - December 12, 2023

A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), SINUMERIK Integrate RunMyHMI /Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an improper input validation vulnerability that could allow an attacker to bring the service into a Denial-of-Service state by sending a specifically crafted message to 4004/tcp. The corresponding service is auto-restarted after the crash is detected by a watchdog.

A vulnerability has been identified in Opcenter Quality (All versions < V2312)

CVE-2023-46284 7.5 - High - December 12, 2023

A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), SINUMERIK Integrate RunMyHMI /Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp and 4004/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash.

Memory Corruption

A vulnerability has been identified in Opcenter Quality (All versions < V2312)

CVE-2023-46283 7.5 - High - December 12, 2023

A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), SINUMERIK Integrate RunMyHMI /Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash.

Classic Buffer Overflow

A vulnerability has been identified in Opcenter Quality V13.1 (All versions < V13.1.20220624)

CVE-2022-33736 7.5 - High - July 12, 2022

A vulnerability has been identified in Opcenter Quality V13.1 (All versions < V13.1.20220624), Opcenter Quality V13.2 (All versions < V13.2.20220624). The affected applications do not properly validate login information during authentication. This could lead to denial of service condition for existing users or allow unauthenticated remote attackers to successfully login without credentials.

authentification

A vulnerability has been identified in Opcenter Quality (All versions < V12.2), QMS Automotive (All versions < V12.30)

CVE-2021-27389 9.8 - Critical - April 22, 2021

A vulnerability has been identified in Opcenter Quality (All versions < V12.2), QMS Automotive (All versions < V12.30). A private sign key is shipped with the product without adequate protection.

Use of Hard-coded Cryptographic Key

A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2)

CVE-2020-7581 6.7 - Medium - July 14, 2020

A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). A component within the affected application calls a helper binary with SYSTEM privileges during startup while the call path is not quoted. This could allow a local attacker with administrative privileges to execute code with SYSTEM level privileges.

Unquoted Search Path or Element

A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2)

CVE-2020-7587 8.2 - High - July 14, 2020

A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions < V2.6), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). Sending multiple specially crafted packets to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself. On some cases the vulnerability could leak random information from the remote service.

Resource Exhaustion

A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2)

CVE-2020-7588 5.3 - Medium - July 14, 2020

A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions < V2.6), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). Sending a specially crafted packet to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself.

Improper Input Validation

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Siemens Soft Starter Es or by Siemens? Click the Watch button to subscribe.

Siemens
Vendor

Siemens Opcenter Quality
Product

Siemens Opcenter Quality

By the Year

Recent Siemens Opcenter Quality Security Vulnerabilities

A vulnerability has been identified in Opcenter Quality (All versions < V2312) CVE-2023-46282 6.1 - Medium - December 12, 2023

A vulnerability has been identified in Opcenter Quality (All versions < V2312) CVE-2023-46281 8.8 - High - December 12, 2023

A vulnerability has been identified in Opcenter Quality (All versions < V2312) CVE-2023-46285 7.5 - High - December 12, 2023

A vulnerability has been identified in Opcenter Quality (All versions < V2312) CVE-2023-46284 7.5 - High - December 12, 2023

A vulnerability has been identified in Opcenter Quality (All versions < V2312) CVE-2023-46283 7.5 - High - December 12, 2023

A vulnerability has been identified in Opcenter Quality V13.1 (All versions < V13.1.20220624) CVE-2022-33736 7.5 - High - July 12, 2022

A vulnerability has been identified in Opcenter Quality (All versions < V12.2), QMS Automotive (All versions < V12.30) CVE-2021-27389 9.8 - Critical - April 22, 2021

A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2) CVE-2020-7581 6.7 - Medium - July 14, 2020

A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2) CVE-2020-7587 8.2 - High - July 14, 2020

A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2) CVE-2020-7588 5.3 - Medium - July 14, 2020