CVE-2015-2823
First published: Wed Apr 08 2015(Updated: )
Siemens SIMATIC HMI Basic Panels 2nd Generation before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Professional before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Basic Panels 1st Generation (WinCC TIA Portal), SIMATIC HMI Mobile Panel 277 (WinCC TIA Portal), SIMATIC HMI Multi Panels (WinCC TIA Portal), and SIMATIC WinCC 7.x before 7.3 Upd4 allow remote attackers to complete authentication by leveraging knowledge of a password hash without knowledge of the associated password.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens WinCC | =7.0 | |
| Siemens WinCC | =7.1 | |
| Siemens WinCC | =7.2 | |
| Siemens WinCC | =7.3 | |
| Siemens WinCC | <=13.0 | |
| Siemens WinCC | <=13.0 | |
| Siemens SIMATIC HMI Basic Panels 1st Generation | ||
| siemens simatic hmi basic panels 2nd generation | ||
| Siemens SIMATIC HMI Comfort Panel | ||
| Siemens SIMATIC HMI Mobile Panel 277 | ||
| Siemens SIMATIC HMI MP Firmware |
Remedy
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-487246.pdf
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-2823?
CVE-2015-2823 has a moderate severity rating due to potential unauthorized access to sensitive information.
How do I fix CVE-2015-2823?
To fix CVE-2015-2823, update to the latest version of Siemens WinCC at or after WinCC (TIA Portal) 13 SP1 Update 2.
Which versions of Siemens software are affected by CVE-2015-2823?
CVE-2015-2823 affects Siemens WinCC up to version 13 SP1 Update 2 and various HMI panels before specified updates.
What types of attacks could exploit CVE-2015-2823?
CVE-2015-2823 could be exploited through unauthorized access leading to potential alteration of operational processes.
Is there a patch available for CVE-2015-2823?
Yes, Siemens has released patches for CVE-2015-2823 as part of updates to the affected WinCC and HMI software.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/remedy
- agent/author
- agent/references
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/siemens
- canonical/siemens wincc
- version/siemens wincc/7.0
- version/siemens wincc/7.1
- version/siemens wincc/7.2
- version/siemens wincc/7.3
- version/siemens wincc/13.0
- canonical/siemens simatic hmi basic panels 1st generation
- canonical/siemens simatic hmi basic panels 2nd generation
- canonical/siemens simatic hmi comfort panel
- canonical/siemens simatic hmi mobile panel 277
- canonical/siemens simatic hmi mp firmware