The remote-management module in the (1) Multi Panels, (2) Comfort Panels, and (3) RT Advanced functionality in Siemens SIMATIC WinCC (TIA Portal) before 13 SP1 and in the (4) panels and (5) runtime functionality in SIMATIC WinCC flexible before 2008 SP3 Up7 does not properly encrypt credentials in transit, which makes it easier for remote attackers to determine cleartext credentials by sniffing the network and conducting a decryption attack.
References
Configurations
History
21 Nov 2024, 02:25
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securityfocus.com/bid/72625 - | |
References | () http://www.securitytracker.com/id/1036090 - | |
References | () http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-526760.pdf - | |
References | () http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-543623.pdf - Vendor Advisory | |
References | () https://ics-cert.us-cert.gov/advisories/ICSA-16-161-02 - US Government Resource |
Information
Published : 2015-02-18 02:59
Updated : 2024-11-21 02:25
NVD link : CVE-2015-1358
Mitre link : CVE-2015-1358
CVE.ORG link : CVE-2015-1358
JSON object : View
Products Affected
siemens
- wincc
CWE
CWE-310
Cryptographic Issues