CVE-2011-4515

2013-03-21T14:55:00
ID CVE-2011-4515
Type cve
Reporter cve@mitre.org
Modified 2013-05-31T04:00:00

Description

Siemens WinCC (TIA Portal) 11 uses a reversible algorithm for storing HMI web-application passwords in world-readable and world-writable files, which allows local users to obtain sensitive information by leveraging (1) physical access or (2) Sm@rt Server access. Per http://ics-cert.us-cert.gov/pdf/ICSA-13-079-03.pdf

INSECURE PASWORD STORAGE User credentials for the HMI’s Web application are stored within the HMI’s system. These data are obfuscated in a reversible way and arereadable and writable for users with physical access or Sm@rt Server access to the system.