Password Vulnerability in SIMATIC STEP 7 by Siemens
CVE-2018-13811
5.5 MEDIUM
Summary
A security flaw has been identified in SIMATIC STEP 7 (TIA Portal), affecting all versions prior to V15.1. The software hashes passwords with insufficient computational effort, so an attacker with local access to a project file can easily reconstruct the passwords. No user interaction is required for exploitation, which heightens the risk of unauthorized access to sensitive project files. As of the advisory's release, there was no evidence of public exploitation of this flaw, but it could lead to serious security breaches.
Affected Version(s)
SIMATIC STEP 7 (TIA Portal): All Versions < V15.1
CVSS V3.1
Score: 5.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved