Siemens Opcenter RDnL
Summary
A missing authentication vulnerability in Siemens Opcenter RDnL (utilizing ActiveMQ Artemis) could allow an unauthenticated attacker to inject messages into queues or exfiltrate them. Siemens recommends updating to the latest version of ActiveMQ Artemis to mitigate this risk. The vulnerability affects all versions of Siemens Opcenter RDnL.
IFF Assessment
An unauthenticated attacker can inject messages into queues or exfiltrate messages.
Severity
The CVSS v3 score of 7.1 reflects the vulnerability's potential to impact availability and integrity through message injection and exfiltration. The attack vector is adjacent network, and no privileges are required.
Defender Context
This vulnerability highlights the importance of proper authentication mechanisms, especially in industrial control systems. Defenders should prioritize patching and consider network segmentation to limit the impact of potential attacks from adjacent networks. Monitoring network traffic for unusual Core protocol connections is also crucial.