Vulnerabilities > CVE-2014-1696 - Cryptographic Issues vulnerability in Siemens Simatic Wincc Open Architecture
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Siemens SIMATIC WinCC OA before 3.12 P002 January uses a weak hash algorithm for passwords, which makes it easier for remote attackers to obtain access via a brute-force attack.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Signature Spoofing by Key Recreation An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 65339 CVE(CAN) ID: CVE-2014-1696 Siemens SIMATIC WinCC 是监测控制和数据采集SCADA及人机界面HMI系统。 SIEMENS SIMATIC WinCC OA 3.12 P002之前版本使用了弱密码哈希算法,存在安全漏洞,远程攻击者通过暴力攻击,即可获取访问权限。 0 Siemens SIMATIC WinCC Open Architecture < 3.12 P002 January 厂商补丁: Siemens ------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.siemens.com/corporate-technology/pool/ http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-342587.pdf |
| id | SSV:61422 |
| last seen | 2017-11-19 |
| modified | 2014-02-12 |
| published | 2014-02-12 |
| reporter | Root |
| title | SIEMENS SIMATIC WinCC Open Architecture不安全密码哈希漏洞 |