Siemens SIMATIC WinCC (TIA Portal) 13.x < 13 SP1 Upd2 Multiple Vulnerabilities (SSA-487246)

This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.


Synopsis :

An application installed on the remote host is affected by multiple
vulnerabilities.

Description :

The version of Siemens SIMATIC WinCC (TIA Portal) installed on the
remote host is 13.x prior to version 13 service pack 1 update 2
(1300.102.401.5). It is, therefore, affected by multiple
vulnerabilities :

- A man-in-the-middle attacker with access to the network
path between an HMI panel and a PLC can conduct a denial
of service attack against the HMI panel by sending
specially crafted packets to the HMI on TCP port 102.
This vulnerability affects SIMATIC WinCC Comfort Panels
and SIMATIC WinCC Runtime Advanced. (CVE-2015-2822)

- A remote attacker, by obtaining password hashes for
SIMATIC WinCC users, can use the hashes to successfully
authenticate as a valid user. (CVE-2015-2823)

See also :

http://www.nessus.org/u?8ff8609e
https://ics-cert.us-cert.gov/advisories/ICSA-15-099-01

Solution :

Upgrade to Siemens SIMATIC WinCC (TIA Portal) version 13 SP1 Upd2
(1300.102.401.5) or later.

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)

Family: SCADA

Nessus Plugin ID: 82853 ()

Bugtraq ID: 74028
74040

CVE ID: CVE-2015-2822
CVE-2015-2823

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now