CERTA-2013-AVI-072
Vulnerability from certfr_avis

Une vulnérabilité a été identifiée dans Siemens S7. Elle concerne le chiffrement lors de l'échange de mots de passe et peut, dans certaines conditions, mener un utilisateur malintentionné à obtenir le mot de passe en clair.

Contournement provisoire

Le CERTA recommande de totalement déconnecter les systèmes concernés d'Internet. Il est également conseillé de limiter les accès aux équipements au moyen de réseaux privés virtuels (VPN) et pare-feux.

Siemens S7

Impacted products
Vendor Product Description
References

Show details on source website

To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eSiemens S7\u003c/P\u003e",
  "content": "## Contournement provisoire\n\nLe CERTA recommande de totalement d\u00e9connecter les syst\u00e8mes concern\u00e9s\nd\u0027Internet. Il est \u00e9galement conseill\u00e9 de limiter les acc\u00e8s aux\n\u00e9quipements au moyen de r\u00e9seaux priv\u00e9s virtuels (VPN) et pare-feux.\n",
  "cves": [],
  "initial_release_date": "2013-01-29T00:00:00",
  "last_revision_date": "2013-01-29T00:00:00",
  "links": [
    {
      "title": "Guide de s\u00e9curit\u00e9 des syst\u00e8mes industriels :",
      "url": "http://www.ssi.gouv.fr/systemsindustriels"
    },
    {
      "title": "Bulletin d\u0027alerte ICS-CERT 13-016-02 du 16 janvier 2013 :",
      "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-13-016-02.pdf"
    }
  ],
  "reference": "CERTA-2013-AVI-072",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-01-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans \u003cspan class=\"textit\"\u003eSiemens\nS7\u003c/span\u003e. Elle concerne le chiffrement lors de l\u0027\u00e9change de mots de\npasse et peut, dans certaines conditions, mener un utilisateur\nmalintentionn\u00e9 \u00e0 obtenir le mot de passe en clair.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans le syst\u00e8me SCADA Siemens S7",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin d\u0027alerte Siemens 67385048 du 23 janvier 2013",
      "url": "http://support.automation.siemens.com/WW/llisapi.dll?func=cslib.csinfo\u0026lang=en\u0026objid=67385048\u0026caller=view"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.