This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.
An application running on the remote host is affected by multiple
The remote host is running a version of Siemens SIMATIC STEP 7 (TIA Portal)
prior to version 13 Service Pack 1 Update 1. It is, therefore, affected by
multiple vulnerabilities :
- An unspecified man-in-the-middle vulnerability allows
remote attackers to intercept or modify Siemens
industrial communications. (CVE-2015-1601)
- An unspecified password hashing flaw allows local
attackers with read access to TIA project files to
reconstruct protection-level and web server passwords.
See also :
Upgrade to Siemens SIMATIC TIA Portal version 13 SP1 Update 1 or later as
recommended by the vendor.
Risk factor :
Medium / CVSS Base Score : 5.8