SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Embedded Server/Appliance)  >   Siemens SIMATIC Controller Vendors:   Siemens
Siemens SIMATIC Controller Authentication Bypass Flaw Lets Remote Users Access the Target System
SecurityTracker Alert ID:  1034279
SecurityTracker URL:  http://securitytracker.com/id/1034279
CVE Reference:   CVE-2015-8214   (Links to External Site)
Date:  Dec 2 2015
Impact:   User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in Siemens SIMATIC Controller. A remote user can gain access to the target system.

A remote user can connect to TCP port 102 to bypass authentication and gain administrative access to the target system.

Systems with the configuration data stored on the CPU are affected.

The following product models are affected:

SIMATIC CP 343-1 Advanced
SIMATIC CP 343-1 Lean
SIMATIX CP 343-1
SIMATIC TIM 3V-IE
SIMATIC TIM 3V-IE Advanced
SIMATIC TIM 3V-IE DNP3
SIMATIC TIM 4R-IE
SIMATIC TIM 4R-IE DNP3
SIMATIC CP 443-1
SIMATIC CP 443-1 Advanced


Impact:   A remote user can gain administrative access to the target system.
Solution:   The vendor has issued a fix (SIMATIC CP 343-1 Advanced V3.0.44).

The vendor is working on a fix for additional affected products.

The vendor's advisory is available at:

http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-763427.pdf

Vendor URL:  www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-763427.pdf (Links to External Site)
Cause:   Access control error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC