Invensys Wonderware InTouch 2012 R2 and earlier and Siemens ProcessSuite use a weak encryption algorithm for data in Ps_security.ini, which makes it easier for local users to discover passwords by reading this file.
References
| Link | Resource |
|---|---|
| http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-370812.pdf | Vendor Advisory |
| http://www.us-cert.gov/control_systems/pdf/ICSA-12-348-01.pdf | US Government Resource |
| http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-370812.pdf | Vendor Advisory |
| http://www.us-cert.gov/control_systems/pdf/ICSA-12-348-01.pdf | US Government Resource |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 01:43
| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-370812.pdf - Vendor Advisory | |
| References | () http://www.us-cert.gov/control_systems/pdf/ICSA-12-348-01.pdf - US Government Resource |
Information
Published : 2012-12-18 12:30
Updated : 2024-11-21 01:43
NVD link : CVE-2012-4693
Mitre link : CVE-2012-4693
CVE.ORG link : CVE-2012-4693
JSON object : View
Products Affected
siemens
- processsuite
invensys
- wonderware_intouch
CWE
CWE-310
Cryptographic Issues