Vulnerabilities > Siemens > Simatic Step 7 > 5.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-04-06 | CVE-2015-1602 | Information Exposure vulnerability in Siemens Simatic Step 7 12.0/13.0/5.5 Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 improperly stores password data within project files, which makes it easier for local users to determine cleartext (1) protection-level passwords or (2) web-server passwords by leveraging the ability to read these files. | 2.1 |
| 2015-04-06 | CVE-2015-1601 | 7PK - Security Features vulnerability in Siemens Simatic Step 7 12/13/5.5 Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 allows man-in-the-middle attackers to obtain sensitive information or modify transmitted data via unspecified vectors. | 6.8 |
| 2015-03-07 | CVE-2015-1594 | Unspecified vulnerability in Siemens products Untrusted search path vulnerability in Siemens SIMATIC ProSave before 13 SP1; SIMATIC CFC before 8.0 SP4 Upd9 and 8.1 before Upd1; SIMATIC STEP 7 before 5.5 SP1 HF2, 5.5 SP2 before HF7, 5.5 SP3, and 5.5 SP4 before HF4; SIMOTION Scout before 4.4; and STARTER before 4.4 HF3 allows local users to gain privileges via a Trojan horse application file. local siemens | 6.9 |
| 2015-02-18 | CVE-2015-1356 | Permissions, Privileges, and Access Controls vulnerability in Siemens Simatic Step 7 12.0/13.0/5.5 Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 determines a user's privileges on the basis of project-file fields that lack integrity protection, which allows remote attackers to establish arbitrary authorization data via a modified file. | 4.4 |
| 2015-02-18 | CVE-2015-1355 | Cryptographic Issues vulnerability in Siemens Simatic Step 7 12.0/13.0/5.5 Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 uses a weak password-hash algorithm, which makes it easier for local users to determine cleartext passwords by reading a project file and conducting a brute-force attack. | 2.1 |
| 2012-07-26 | CVE-2012-3015 | Unspecified vulnerability in Siemens Simatic Pcs7 and Simatic Step 7 Untrusted search path vulnerability in Siemens SIMATIC STEP7 before 5.5 SP1, as used in SIMATIC PCS7 7.1 SP3 and earlier and other products, allows local users to gain privileges via a Trojan horse DLL in a STEP7 project folder. local siemens | 6.9 |