6.8

CVE-2015-2823

EPSS 0.5%
Veröffentlicht 08.04.2015 16:59:01
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Siemens SIMATIC HMI Basic Panels 2nd Generation before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Professional before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Basic Panels 1st Generation (WinCC TIA Portal), SIMATIC HMI Mobile Panel 277 (WinCC TIA Portal), SIMATIC HMI Multi Panels (WinCC TIA Portal), and SIMATIC WinCC 7.x before 7.3 Upd4 allow remote attackers to complete authentication by leveraging knowledge of a password hash without knowledge of the associated password.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Siemens ≫ Wincc Version7.0

Siemens ≫ Wincc Version7.1

Siemens ≫ Wincc Version7.2

Siemens ≫ Wincc Version7.3

Siemens ≫ Wincc Updatesp1 Version <= 13.0

   Siemens ≫ Simatic Hmi Basic Panels Generation 1
   Siemens ≫ Simatic Hmi Basic Panels Generation 2
   Siemens ≫ Simatic Hmi Comfort Panels
   Siemens ≫ Simatic Hmi Mobile Panel 277
   Siemens ≫ Simatic Hmi Multi Panels

Siemens ≫ Wincc Updatesp1 SwEditionadvanced Version <= 13.0

   Siemens ≫ Simatic Hmi Basic Panels Generation 1
   Siemens ≫ Simatic Hmi Basic Panels Generation 2
   Siemens ≫ Simatic Hmi Comfort Panels
   Siemens ≫ Simatic Hmi Mobile Panel 277
   Siemens ≫ Simatic Hmi Multi Panels

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.5%	0.645

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://cert-portal.siemens.com/productcert/pdf/ssa-487246.pdf

http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-487246.pdf

Patch

Vendor Advisory

http://www.securityfocus.com/bid/74040

https://nvd.nist.gov/vuln/detail/CVE-2015-2823

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-2823

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-2823

EUVD