Published: 08/04/2015 Updated: 28/11/2016

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Siemens SIMATIC HMI Basic Panels 2nd Generation before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Professional before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Basic Panels 1st Generation (WinCC TIA Portal), SIMATIC HMI Mobile Panel 277 (WinCC TIA Portal), SIMATIC HMI Multi Panels (WinCC TIA Portal), and SIMATIC WinCC 7.x prior to 7.3 Upd4 allow remote malicious users to complete authentication by leveraging knowledge of a password hash without knowledge of the associated password.

Vulnerable Product	Search on Vulmon	Subscribe to Product
siemens wincc 7.2
siemens wincc 7.3
siemens wincc 7.0
siemens wincc 7.1
siemens wincc

Ruskie ICS hacker drops nine holes in popular Siemens power plant kit

The Register • Darren Pauli • 31 Aug 2015

WinCC HMI control platform used in Natanz, Large Hadron Collider.

Ilya Karpov of Russian security outfit Positive Technologies has reported nine vulnerabilities in Siemens industrial control system kit used in critical operations from petrochemical labs and power plants up to the Large Hadron Collider. The holes, now patched, also include two for Schneider Electric kit and cover a mix of remote and local exploits that can grant attackers easy and valuable system access. The vulnerabilities (CVE-2015-2823) achieve a severity rating of 6.8 and allow remote net p...

CVE-2015-2823

Vulnerability Summary

Recent Articles

References

Vulmon Search

About

Products

Connect