This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.
An application running on the remote host is affected by multiple
The remote host is running a version of Siemens SIMATIC WinCC (TIA
Portal) 13.x prior to version 13 service pack 1 (1300.100.2201.15). It
is, therefore, affected by multiple vulnerabilities :
- A flaw exists in the project administration application
due to the use of a hardcoded encryption key. A remote
attacker can extract this key and use it to perform a
man-in-the-middle attack in order to gain access to the
- A flaw exists in the remote management module in Multi
Panels, Comfort Panels, and RT Advanced due to the
transmission of weakly protected credentials over the
network. A remote, man-in-the-middle attacker can
capture the network traffic of the remote management
module to gain access to credential information.
See also :
Upgrade to Siemens SIMATIC WinCC (TIA Portal) version 13 SP1
(1300.100.2201.15) or later.
Risk factor :
Medium / CVSS Base Score : 6.8