Information disclosure in Siemens Simatic_step_7

CVE-2015-1602

Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 improperly stores password data within project files, which makes it easier for local users to determine cleartext (1) protection-level passwords or (2) web-server passwords…

Vulnerability class: Information Disclosure

EPSS: 0.001 (17.9th percentile) — read the EPSS interpretation.

Affected products

Siemens Simatic_step_7 — versions 12.0, 13.0
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

cve@mitre.org (x_refsource_CONFIRM, Patch, Vendor Advisory)