CVE-2015-2823

2015-04-0816:59:01

CWE-287

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.9

Confidence

Low

EPSS

0.007

Percentile

80.6%

JSON

Siemens SIMATIC HMI Basic Panels 2nd Generation before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Professional before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Basic Panels 1st Generation (WinCC TIA Portal), SIMATIC HMI Mobile Panel 277 (WinCC TIA Portal), SIMATIC HMI Multi Panels (WinCC TIA Portal), and SIMATIC WinCC 7.x before 7.3 Upd4 allow remote attackers to complete authentication by leveraging knowledge of a password hash without knowledge of the associated password.

Affected configurations

Nvd

Node

siemenswinccMatch7.0

siemenswinccMatch7.1

siemenswinccMatch7.2

siemenswinccMatch7.3

Node

siemenswinccRange≤13.0sp1

siemenswinccRange≤13.0sp1advanced

AND

siemenssimatic_hmi_basic_panels_generation_1

siemenssimatic_hmi_basic_panels_generation_2

siemenssimatic_hmi_comfort_panels

siemenssimatic_hmi_mobile_panel_277

siemenssimatic_hmi_multi_panels

VendorProductVersionCPE
siemenswincc7.0cpe:2.3:a:siemens:wincc:7.0:*:*:*:*:*:*:*
siemenswincc7.1cpe:2.3:a:siemens:wincc:7.1:*:*:*:*:*:*:*
siemenswincc7.2cpe:2.3:a:siemens:wincc:7.2:*:*:*:*:*:*:*
siemenswincc7.3cpe:2.3:a:siemens:wincc:7.3:*:*:*:*:*:*:*
siemenswincc*cpe:2.3:a:siemens:wincc:*:sp1:*:*:*:*:*:*
siemenswincc*cpe:2.3:a:siemens:wincc:*:sp1:*:*:advanced:*:*:*
siemenssimatic_hmi_basic_panels_generation_1*cpe:2.3:h:siemens:simatic_hmi_basic_panels_generation_1:*:*:*:*:*:*:*:*
siemenssimatic_hmi_basic_panels_generation_2*cpe:2.3:h:siemens:simatic_hmi_basic_panels_generation_2:*:*:*:*:*:*:*:*
siemenssimatic_hmi_comfort_panels*cpe:2.3:h:siemens:simatic_hmi_comfort_panels:*:*:*:*:*:*:*:*
siemenssimatic_hmi_mobile_panel_277*cpe:2.3:h:siemens:simatic_hmi_mobile_panel_277:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	wincc	7.0	cpe:2.3:a:siemens:wincc:7.0:::::::*
siemens	wincc	7.1	cpe:2.3:a:siemens:wincc:7.1:::::::*
siemens	wincc	7.2	cpe:2.3:a:siemens:wincc:7.2:::::::*
siemens	wincc	7.3	cpe:2.3:a:siemens:wincc:7.3:::::::*
siemens	wincc	*	cpe:2.3:a:siemens:wincc::sp1::::::*
siemens	wincc	*	cpe:2.3:a:siemens:wincc::sp1:::advanced:::
siemens	simatic_hmi_basic_panels_generation_1	*	cpe:2.3:h:siemens:simatic_hmi_basic_panels_generation_1::::::::
siemens	simatic_hmi_basic_panels_generation_2	*	cpe:2.3:h:siemens:simatic_hmi_basic_panels_generation_2::::::::
siemens	simatic_hmi_comfort_panels	*	cpe:2.3:h:siemens:simatic_hmi_comfort_panels::::::::
siemens	simatic_hmi_mobile_panel_277	*	cpe:2.3:h:siemens:simatic_hmi_mobile_panel_277::::::::