<p>Opcenter RDnL is affected by missing authentication in critical
function in ‘ActiveMQ Artemis’. An unauthenticated attacker within the
adjacent network could use the Core protocol to force a target broker to
establish an outbound Core federation connection to an
attacker-controlled rogue broker. This could potentially result in
availability impacts or message injection into any queue via the rogue
broker. Breaking the integrity of a message has a low impact due to
missing auto refresh functionality and it does not contain any
confidential information.</p>
<p>ActiveMQ Artemis has released a new version and Siemens recommends to
update to the latest version.</p>
Source link
