Siemens SIMATIC STEP 7 (TIA Portal) < 1300.100.2501.1 Multiple Vulnerabilities (SSA-315836)

Medium Nessus Plugin ID 81545


An application running on the remote host is affected by multiple vulnerabilities.


The remote host is running a version of Siemens SIMATIC STEP 7 (TIA Portal) prior to version 13 Service Pack 1 Update 1. It is, therefore, affected by multiple vulnerabilities :

- An unspecified man-in-the-middle vulnerability allows remote attackers to intercept or modify Siemens industrial communications. (CVE-2015-1601)

- An unspecified password hashing flaw allows local attackers with read access to TIA project files to reconstruct protection-level and web server passwords.


Upgrade to Siemens SIMATIC TIA Portal version 13 SP1 Update 1 or later as recommended by the vendor.

See Also

Plugin Details

Severity: Medium

ID: 81545

File Name: scada_siemens_tia_multiple_vulnerabilities_SSA-315836.nbin

Version: $Revision: 1.25 $

Type: local

Family: SCADA

Published: 2015/02/26

Modified: 2018/01/29

Dependencies: 81789

Risk Information

Risk Factor: Medium


Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Information

CPE: cpe:/a:siemens:simatic_tiaportal

Required KB Items: installed_sw/Siemens SIMATIC STEP 7 (TIA Portal)

Patch Publication Date: 2015/02/17

Vulnerability Publication Date: 2015/02/17

Reference Information

CVE: CVE-2015-1601, CVE-2015-1602

BID: 72691, 72695

OSVDB: 118469, 118470

ICSA: 15-050-01