Hardcoded Encryption Key Vulnerability in Siemens SIMATIC WinCC
CVE-2014-4686

Currently unrated

Key Information:

Vendor: Siemens
Status: Wincc; Simatic Pcs7
Vendor: CVE Published:; 24 July 2014

Summary

The Project administration application in Siemens SIMATIC WinCC prior to version 7.3 contains a vulnerability due to a hardcoded encryption key. This flaw can be exploited by remote attackers who extract the key from another product installation. By utilizing this key, attackers can eavesdrop on sensitive network traffic transmitted over TCP port 1030, potentially leading to unauthorized access to confidential information.

References

http://www.siemens.com/innovation/pool/de/forschungsfelde...

x_refsource_CONFIRM

Timeline

Vulnerability published
Jul 24, 2014
Vulnerability Reserved
Jun 28, 2014