SIMATIC WinCC device information leakage Vulnerability (CVE-2015-1601)
SIMATIC WinCC device information leakage Vulnerability (CVE-2015-1601)
Release date:
Updated on:
Affected Systems:
Siemens SIMATIC WinCC (TIA Portal) <13 SP1 Upd2
Description:
CVE (CAN) ID: CVE-2015-1601
Siemens simatic step 7 TIA Portal is the engineering software of SIMATIC products.
A security vulnerability exists in versions earlier than Siemens simatic step 7 (TIA Portal) 12 and 13 SP1 Upd1. Man-in-the-middle attackers can exploit this vulnerability to obtain sensitive information or modify transmission data on port 102/tcp.
<* Source: Ilya Karpov
*>
Suggestion:
Vendor patch:
Siemens
-------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-487246.pdf
This article permanently updates the link address: