Critical manufacturing software affected by missing authentication flaw in underlying ActiveMQ Artemis component.
- All versions of Siemens Opcenter RDnL contain a critical authentication bypass vulnerability
- Attackers can inject malicious messages or steal data from message queues without authentication
- CISA rates the vulnerability 7.1 CVSS with worldwide deployment impact
All versions of Siemens Opcenter RDnL manufacturing software contain a critical vulnerability that allows unauthenticated attackers to manipulate message queues and potentially disrupt operations, according to a CISA industrial control systems advisory published this week.
The vulnerability, tracked as CVE-2026-27446, stems from missing authentication controls in the underlying Apache ActiveMQ Artemis messaging component. An attacker within the adjacent network can exploit the Core protocol to force the target system to establish connections with a rogue broker under their control.
Once connected, attackers can inject malicious messages into any queue or extract sensitive data from existing queues. CISA has assigned the vulnerability a CVSS score of 7.1, indicating high severity.
The flaw affects environments that permit incoming Core protocol connections from untrusted sources and allow outgoing connections to untrusted targets. Siemens Opcenter RDnL is used globally across critical manufacturing sectors, making the vulnerability particularly concerning for industrial operations.
While message integrity impacts are considered low due to the lack of auto-refresh functionality in affected systems, the availability impacts could be significant for manufacturing operations that rely on message queue communications for process control and coordination.
Apache ActiveMQ Artemis has released a patched version addressing the authentication bypass. Siemens recommends updating to the latest version of Opcenter RDnL to remediate the vulnerability.
Why It Matters
This vulnerability affects critical manufacturing infrastructure worldwide, creating potential operational disruption risks that CISOs must address with boards and manufacturing leadership. The authentication bypass in messaging systems could enable attackers to manipulate production processes or access sensitive manufacturing data, directly impacting business continuity and potentially triggering regulatory reporting requirements for critical infrastructure operators.
What To Do Now
- Inventory all Siemens Opcenter RDnL deployments across manufacturing environments
- Update to the latest version of Opcenter RDnL with patched ActiveMQ Artemis
- Deploy Core interceptors to deny Core downstream federation connect packets with type -16 or 0xfffffff0 as interim mitigation
- Review network segmentation to limit adjacent network access to critical manufacturing systems
