Auth bypass in Siemens Simatic_hmi_basic_panels_generation_1

CVE-2015-2823

Siemens SIMATIC HMI Basic Panels 2nd Generation before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Ru…

Vulnerability class: Broken Authentication

EPSS: 0.005 (66.2th percentile) — read the EPSS interpretation.

Affected products

Siemens Simatic_hmi_basic_panels_generation_1
Siemens Simatic_hmi_basic_panels_generation_2
Siemens Simatic_hmi_comfort_panels
Siemens Simatic_hmi_mobile_panel_277
Siemens Simatic_hmi_multi_panels
Siemens Wincc — versions 7.0, 7.1, 7.2
N/a — versions n/a

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

74040 (vdb-entry, x_refsource_BID)
cve@mitre.org (x_refsource_CONFIRM, Patch, Vendor Advisory)
cve@mitre.org (x_refsource_CONFIRM)