Siemens SIMATIC STEP 7 (TIA Portal) < 1300.100.2501.1 Multiple Vulnerabilities (SSA-315836)
Medium Nessus Plugin ID 81545
SynopsisAn application running on the remote host is affected by multiple vulnerabilities.
DescriptionThe remote host is running a version of Siemens SIMATIC STEP 7 (TIA Portal) prior to version 13 Service Pack 1 Update 1. It is, therefore, affected by multiple vulnerabilities :
- An unspecified man-in-the-middle vulnerability allows remote attackers to intercept or modify Siemens industrial communications. (CVE-2015-1601)
- An unspecified password hashing flaw allows local attackers with read access to TIA project files to reconstruct protection-level and web server passwords.
SolutionUpgrade to Siemens SIMATIC TIA Portal version 13 SP1 Update 1 or later as recommended by the vendor.