Release date:
Updated on:
Affected Systems:
Siemens SIMATIC WinCC Open Architecture <3.12 P002 January
Description:
--------------------------------------------------------------------------------
Bugtraq id: 65339
CVE (CAN) ID: CVE-2014-1696
Siemens SIMATIC WinCC is a SCADA and HMI system for supervisory control and data acquisition.
Siemens SIMATIC WinCC OA versions earlier than 3.12 P002 use a weak password hash algorithm. Remote attackers can exploit this weakness to obtain access through brute-force attacks.
<* Source: Gleb Gritsai
Ilya Karpov
Kirill Nesterov
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Siemens
-------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.siemens.com/corporate-technology/pool/
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-342587.pdf