Siemens: >> Simatic Step 7 >> 5.6 Security Vulnerabilities
Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 allows man-in-the-middle attackers to obtain sensitive information or modify transmitted data via unspecified vectors.
CVSS Score
6.8
EPSS Score
0.004
Published
2015-04-06
Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 determines a user's privileges on the basis of project-file fields that lack integrity protection, which allows remote attackers to establish arbitrary authorization data via a modified file.
CVSS Score
4.4
EPSS Score
0.001
Published
2015-02-18
Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 uses a weak password-hash algorithm, which makes it easier for local users to determine cleartext passwords by reading a project file and conducting a brute-force attack.
CVSS Score
2.1
EPSS Score
0.001
Published
2015-02-18
Page 2