Published: 18/02/2015 Updated: 30/11/2016

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

The remote-management module in the (1) Multi Panels, (2) Comfort Panels, and (3) RT Advanced functionality in Siemens SIMATIC WinCC (TIA Portal) prior to 13 SP1 and in the (4) panels and (5) runtime functionality in SIMATIC WinCC flexible prior to 2008 SP3 Up7 does not properly encrypt credentials in transit, which makes it easier for remote malicious users to determine cleartext credentials by sniffing the network and conducting a decryption attack.

Vulnerable Product	Search on Vulmon	Subscribe to Product
siemens wincc 13.0

Dodgy creds found in Siemens ICS gear

The Register • Team Register • 16 Jun 2016

Don't run our stuff on soft networks, Siemens chimes

The US computer emergency response team is warning of weak credentials in Siemens SIMATIC WinCC flexible that can be remotely exploitable. The flaw, found by Positive Technologies' Gleb Gritsai and Roman Ilin, has been patched. Fortunately, it seems to require that attackers already have some privileged network position from which traffic could be inspected. The PC software is popular among utilities including those in chemical, energy, and water sectors around the world. "The remote management ...

CVE-2015-1358

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect