![siemens step 7 v13 upgrade siemens step 7 v13 upgrade](https://docs.factoryio.com/tutorials/siemens/img/setting-up-s7-plcsim-v13/tia-startsim.png)
CVE-2015-1602 has been assigned to this vulnerability.
![siemens step 7 v13 upgrade siemens step 7 v13 upgrade](https://asset.conrad.com/media10/isa/160267/c1/-/en/001732063PI99/image.jpg)
USE OF PASSWORD HASH WITH INSUFFICIENT COMPUTATIONAL EFFORT Attackers with read access to TIA project files could possibly reconstruct protection-level passwords or web server passwords. VULNERABILITY CHARACTERIZATION VULNERABILITY OVERVIEW. Siemens estimates that these products are used primarily in the United States and Europe with a small percentage in Asia. This software is deployed across several sectors including Chemical, Energy, Food and Agriculture, and Water and Wastewater Systems. Win10-Support for TIA Portal V14 SP1 incl. Freely editable comments for array and UDT New functions for the operability TIA updater: Fast mass update. The affected product, SIMATIC Step 7 (TIA Portal), is engineering software for SIMATIC products. BACKGROUND Siemens is a multinational company headquartered in Munich, Germany. NCCIC/ICS-CERT recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation. Impact to individual organizations depends on many factors that are unique to each organization. The other allows a user with local access the ability to reconstruct passwords.
SIEMENS STEP 7 V13 UPGRADE UPDATE
AFFECTED PRODUCTS - Begin Update A Part 1 of 2 - Siemens reports that the vulnerabilities affect the following versions of SIMATIC STEP 7 (TIA Portal): SIMATIC STEP 7 (TIA Portal) V13: All versions prior to V13 SP1 Upd1 SIMATIC STEP 7 (TIA Portal) V12: All versions prior to V12 SP1 Upd5 - End Update A Part 1 of 2 - IMPACT One vulnerability could allow for a successful man-in-the-middle attack, allowing the attacker to view and modify data sent between the user and the system. One of the vulnerabilities is remotely exploitable. These vulnerabilities were initially disclosed to Siemens by the Quarkslab team and Dmitry Sklyarov with PT-Security.
SIEMENS STEP 7 V13 UPGRADE PATCH
Siemens has produced a patch that mitigates these vulnerabilities. Siemens has identified two vulnerabilities in its SIMATIC STEP 7 (TIA Portal). OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-15-050-01 Siemens SIMATIC STEP 7 TIA Portal Vulnerabilities that was published February 19, 2015, on the NCCIC/ICS-CERT web site.