Authentication bypass in SIMATIC Logon - CVE-2017-2684

 


Published: February 14, 2017 / Updated: February 15, 2017


Vulnerability identifier: #VU5825
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-2684
CWE-ID: CWE-592
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Siemens
Affected software:
SIMATIC Logon

Detailed vulnerability description

The vulnerability allows a local user to bypass authentication.

The vulnerability exists due to an unknown error in the SIMATIC Logon application, which is used by multiple SIMATIC products. A local user with access to the affected application and knowledge of a user name can bypass the authentication process and gain unauthorized access to otherwise restricted resources.

The vulnerability affects all products that use the SIMATIC Logon application for authentication:

  • SIMATIC IT products
  • SIMATIC WinCC
  • SIMATIC WinCC Runtime
  • SIMATIC PCS 7
  • SIMATIC PDM

How to mitigate CVE-2017-2684

The vendor has released a security update to address this vulnerability:
SIMATIC Logon V1.5 SP3 Update 2
