Lucene search

MitreCVE-2015-1358

HistoryFeb 18, 2015 - 2:59 a.m.

CVE-2015-1358

2015-02-1802:59:07

CWE-310

mitre

web.nvd.nist.gov

cve-2015-1358

siemens simatic wincc

remote-management module

credentials encryption

vulnerability

nvd

network security

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

0.004

Percentile

71.9%

JSON

The remote-management module in the (1) Multi Panels, (2) Comfort Panels, and (3) RT Advanced functionality in Siemens SIMATIC WinCC (TIA Portal) before 13 SP1 and in the (4) panels and (5) runtime functionality in SIMATIC WinCC flexible before 2008 SP3 Up7 does not properly encrypt credentials in transit, which makes it easier for remote attackers to determine cleartext credentials by sniffing the network and conducting a decryption attack.

Affected configurations

Nvd

Node

siemenswinccMatch13.0

VendorProductVersionCPE
siemenswincc13.0cpe:2.3:a:siemens:wincc:13.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	wincc	13.0	cpe:2.3:a:siemens:wincc:13.0:::::::*

References

www.securityfocus.com/bid/72625

www.securitytracker.com/id/1036090

www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-526760.pdf

www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-543623.pdf

ics-cert.us-cert.gov/advisories/ICSA-16-161-02

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

0.004

Percentile

71.9%

JSON

Related for CVE-2015-1358