Vulnerability in Siemens Simatic_step_7

CVE-2015-1355

Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 uses a weak password-hash algorithm, which makes it easier for local users to determine cleartext passwords by reading a project file and conducting a brute-force attack.

Vulnerability class: POODLE (CVE-2014-3566)

EPSS: 0.001 (17.9th percentile) — read the EPSS interpretation.

Affected products

Siemens Simatic_step_7
N/a — versions n/a

Weakness classification (CWE)

CWE-310 — Cryptographic Issues

References

cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)