CVE-2015-1602

Published: Apr 6, 2015Modified: May 6, 2026

2.1

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 3.9 / Impact: 2.9

Source: NVD

Description

Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 improperly stores password data within project files, which makes it easier for local users to determine cleartext (1) protection-level passwords or (2) web-server passwords by leveraging the ability to read these files.

Affected (3)

Products: Siemens: Simatic Step 7

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Siemens Simatic Step 7	Up to 13.0
Siemens Simatic Step 7	Version 12.0
Siemens Simatic Step 7	Version 13.0

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-315836.pdf

Source: cve@mitre.org

PatchVendor Advisory

http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-315836.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.