CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
49.1%
The remote host is running a version of Siemens SIMATIC STEP 7 (TIA Portal) prior to version 13 Service Pack 1 Update 1. It is, therefore, affected by multiple vulnerabilities :
An unspecified man-in-the-middle vulnerability allows remote attackers to intercept or modify Siemens industrial communications. (CVE-2015-1601)
An unspecified password hashing flaw allows local attackers with read access to TIA project files to reconstruct protection-level and web server passwords.
(CVE-2015-1602)
Binary data scada_siemens_tia_multiple_vulnerabilities_SSA-315836.nbin