Weak Password-Hash Algorithm in Siemens SIMATIC STEP 7 (TIA Portal) Allows for Cleartext Password Retrieval

Weak Password-Hash Algorithm in Siemens SIMATIC STEP 7 (TIA Portal) Allows for Cleartext Password Retrieval

CVE-2015-1355 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 uses a weak password-hash algorithm, which makes it easier for local users to determine cleartext passwords by reading a project file and conducting a brute-force attack.

Learn more about our User Device Pen Test.