5

CVE-2015-1358

EPSS 0.8%
Published 18.02.2015 02:59:07
Last modified 12.04.2025 10:46:40
Source cve@mitre.org
Teams watchlist Login
Open Login

The remote-management module in the (1) Multi Panels, (2) Comfort Panels, and (3) RT Advanced functionality in Siemens SIMATIC WinCC (TIA Portal) before 13 SP1 and in the (4) panels and (5) runtime functionality in SIMATIC WinCC flexible before 2008 SP3 Up7 does not properly encrypt credentials in transit, which makes it easier for remote attackers to determine cleartext credentials by sniffing the network and conducting a decryption attack.

Affected products Warnungen 0 Metrics 2 CWE 0 References 8

Data is provided by the National Vulnerability Database (NVD)

Siemens ≫ Wincc Version13.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.8%	0.73

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

http://www.securityfocus.com/bid/72625

http://www.securitytracker.com/id/1036090

http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-526760.pdf

http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-543623.pdf

Vendor Advisory

https://ics-cert.us-cert.gov/advisories/ICSA-16-161-02

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2015-1358

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-1358

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-1358

EUVD