exploitDog

CVE-2015-1602

Опубликовано: 06 апр. 2015

Источник: nvd

CVSS2: 2.1

EPSS Низкий

Описание

Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 improperly stores password data within project files, which makes it easier for local users to determine cleartext (1) protection-level passwords or (2) web-server passwords by leveraging the ability to read these files.

Ссылки

http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-315836.pdf
Patch
Vendor Advisory
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-315836.pdf
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:siemens:simatic_step_7:*:sp1:*:*:*:*:*:*

Версия до 13.0 (включая)

cpe:2.3:a:siemens:simatic_step_7:12.0:*:*:*:*:*:*:*

cpe:2.3:a:siemens:simatic_step_7:13.0:*:*:*:*:*:*:*

EPSS

Процентиль: 18%

0.00056

Низкий

2.1 Low

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-xrc4-pj8p-r2hh

github

больше 3 лет назад

Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 improperly stores password data within project files, which makes it easier for local users to determine cleartext (1) protection-level passwords or (2) web-server passwords by leveraging the ability to read these files.

EPSS

Процентиль: 18%

0.00056

Низкий

2.1 Low

CVSS2

Дефекты

CWE-200