#VU68263 Insufficiently protected credentials in Siemens Server applications
Vulnerability identifier: #VU68263
Vulnerability risk: Low
CVSSv3.1: 8.1 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-522
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
SIMATIC ET 200SP Open Controller CPU 1515SP PC
Hardware solutions /
Other hardware appliances
SIMATIC Drive Controller
Hardware solutions /
Firmware
SIMATIC S7-1200 CPU family
Hardware solutions /
Firmware
SIMATIC S7-1500 CPU
Hardware solutions /
Firmware
SIMATIC ET 200SP Open Controller CPU 1515SP PC2
Server applications /
SCADA systems
SIMATIC S7-1500 Software Controller
Server applications /
SCADA systems
SIMATIC S7-PLCSIM Advanced
Server applications /
SCADA systems
Vendor: Siemens
Description
The vulnerability allows a local attacker to compromise the target system.
The vulnerability exists due to insufficiently protected credentials. A local attacker can discover the private key of a CPU product family and extract confidential configuration data from projects that are protected by that key or perform attacks against legacy PG/PC and HMI communication.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
SIMATIC ET 200SP Open Controller CPU 1515SP PC: All versions
External links
http://cert-portal.siemens.com/productcert/pdf/ssa-568427.pdf
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
