CVE-2014-1696
published 2014-02-07CVE-2014-1696: Siemens SIMATIC WinCC OA before 3.12 P002 January uses a weak hash algorithm for passwords, which makes it easier for remote attackers to obtain access via a…
PriorityP425medium5CVSS 2.0
AVNACLAuNCPINAN
EPSS
1.69%
74.2th percentile
Siemens SIMATIC WinCC OA before 3.12 P002 January uses a weak hash algorithm for passwords, which makes it easier for remote attackers to obtain access via a brute-force attack.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | simatic_wincc_open_architecture | <= 3.12 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Siemens SIMATIC WinCC OA Multiple Vulnerabilities
cisa_ics·2018-09-06
Siemens SIMATIC WinCC OA Multiple Vulnerabilities
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Siemens SIMATIC WinCC OA Multiple Vulnerabilities
Last RevisedSeptember 06, 2018
Alert CodeICSA-14-035-01
## OVERVIEW
Researchers Gleb Gritsai, Ilya Karpov, and Kirill Nesterov of Positive Technologies have identified multiple vulnerabilities in the Siemens SIMATIC WinCC Open Architecture (OA) application. Siemens has produced updates that mitigate these vulnerabilities.
These vulnerabilities could be exploited remotely.
## AFFECTED PRODUCTS
The following Siemens product is affected:
- SIMATIC WinCC OA all versions prior to 3.12 P002
## IMPACT
Successful exploitation of th
GHSA
GHSA-p2vr-w26x-2355: Siemens SIMATIC WinCC OA before 3
ghsa_unreviewed·2022-05-17
CVE-2014-1696 [MEDIUM] GHSA-p2vr-w26x-2355: Siemens SIMATIC WinCC OA before 3
Siemens SIMATIC WinCC OA before 3.12 P002 January uses a weak hash algorithm for passwords, which makes it easier for remote attackers to obtain access via a brute-force attack.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://ics-cert.us-cert.gov/advisories/ICSA-14-035-01http://osvdb.org/102809http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-342587.pdfhttps://exchange.xforce.ibmcloud.com/vulnerabilities/90934http://ics-cert.us-cert.gov/advisories/ICSA-14-035-01http://osvdb.org/102809http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-342587.pdfhttps://exchange.xforce.ibmcloud.com/vulnerabilities/90934
2014-02-07
Published