CVE-2015-2823

Severity CVSS v4.0:

Pending analysis

Type:

CWE-287 Authentication Issues

Publication date:

08/04/2015

Last modified:

12/04/2025

Description

Siemens SIMATIC HMI Basic Panels 2nd Generation before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Professional before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Basic Panels 1st Generation (WinCC TIA Portal), SIMATIC HMI Mobile Panel 277 (WinCC TIA Portal), SIMATIC HMI Multi Panels (WinCC TIA Portal), and SIMATIC WinCC 7.x before 7.3 Upd4 allow remote attackers to complete authentication by leveraging knowledge of a password hash without knowledge of the associated password.

Impact

Vector 2.0

AV:N/AC:M/Au:N/C:P/I:P/A:P CVSS v2.0 Severity and Metrics:

Base Score: 6.80 MEDIUM
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Attack Vector (AV): Network
Attack Complexity (AC): Medium
Authentication (Au): None
Confidentiality (C): Physical
Integrity (I): Physical
Availability (A): Physical

Base Score 2.0

6.80

Severity 2.0

MEDIUM

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:a:siemens:wincc:7.0:::::::*
cpe:2.3:a:siemens:wincc:7.1:::::::*
cpe:2.3:a:siemens:wincc:7.2:::::::*
cpe:2.3:a:siemens:wincc:7.3:::::::*
cpe:2.3:a:siemens:wincc::sp1::::::*		13.0 (including)
cpe:2.3:a:siemens:wincc::sp1:::advanced:::		13.0 (including)
cpe:2.3:h:siemens:simatic_hmi_basic_panels_generation_1::::::::
cpe:2.3:h:siemens:simatic_hmi_basic_panels_generation_2::::::::
cpe:2.3:h:siemens:simatic_hmi_comfort_panels::::::::
cpe:2.3:h:siemens:simatic_hmi_mobile_panel_277::::::::
cpe:2.3:h:siemens:simatic_hmi_multi_panels::::::::

To consult the complete list of CPE names with products and versions, see this page

CPE	From	Up to
cpe:2.3:a:siemens:wincc:7.0:::::::*
cpe:2.3:a:siemens:wincc:7.1:::::::*
cpe:2.3:a:siemens:wincc:7.2:::::::*
cpe:2.3:a:siemens:wincc:7.3:::::::*
cpe:2.3:a:siemens:wincc::sp1::::::*		13.0 (including)
cpe:2.3:a:siemens:wincc::sp1:::advanced:::		13.0 (including)
cpe:2.3:h:siemens:simatic_hmi_basic_panels_generation_1::::::::
cpe:2.3:h:siemens:simatic_hmi_basic_panels_generation_2::::::::
cpe:2.3:h:siemens:simatic_hmi_comfort_panels::::::::
cpe:2.3:h:siemens:simatic_hmi_mobile_panel_277::::::::
cpe:2.3:h:siemens:simatic_hmi_multi_panels::::::::

CVE-2015-2823

Description

Impact

Vulnerable products and versions

References to Advisories, Solutions, and Tools