CVE-2018-13811Use of Password Hash With Insufficient Computational Effort in Siemens Simatic Step 7

CWE-916Use of Password Hash With Insufficient Computational EffortCWE-200Sensitive Information Exposure3 documents3 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 92.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Siemens Simatic Step 7Siemens AG Simatic Step 7
Timeline
PublishedDec 13
Latest updateMay 13

Description

A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) (All Versions < V15.1). Password hashes with insufficient computational effort could allow an attacker to access to a project file and reconstruct passwords. The vulnerability could be exploited by an attacker with local access to the project file. No user interaction is required to exploit the vulnerability. The vulnerability could allow the attacker to obtain certain passwords from the project. At the time of advisory publicati

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5siemens_ag/simatic_step_7SIMATIC STEP 7 (TIA Portal) : All Versions < V15.1

🔴Vulnerability Details

2
GHSA
GHSA-h726-fjm4-p2g2: A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) (All Versions < V152022-05-13
CVEList
CVE-2018-13811: A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) (All Versions < V152018-12-13
CVE-2018-13811 — Siemens Simatic Step 7 vulnerability | cvebase