Password Storage Vulnerability in Siemens WinCC by Siemens
CVE-2011-4515

Currently unrated

Key Information:

Vendor: Siemens
Status: Wincc Tia Portal
Vendor: CVE Published:; 21 March 2013

Summary

Siemens WinCC (TIA Portal) version 11 is susceptible to a vulnerability that stems from the use of a reversible algorithm for storing HMI web-application passwords in files that are both world-readable and world-writable. This security flaw may allow local users with physical access or those who can access the Sm@rt Server to retrieve sensitive information, posing a significant risk to the integrity and confidentiality of the system.

References

http://ics-cert.us-cert.gov/pdf/ICSA-13-079-03.pdf

x_refsource_MISC

http://www.siemens.com/corporate-technology/pool/de/forsc...

x_refsource_CONFIRM

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Mar 21, 2013