CVE-2018-13811 is a vulnerability in Siemens Simatic Step 7 Tia Portal
Published on December 13, 2018
A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) (All Versions < V15.1). Password hashes with insufficient computational effort could allow an attacker to access to a project file and reconstruct passwords. The vulnerability could be exploited by an attacker with local access to the project file. No user interaction is required to exploit the vulnerability. The vulnerability could allow the attacker to obtain certain passwords from the project. At the time of advisory publication no public exploitation of this vulnerability was known.
Weakness Type
Use of Password Hash With Insufficient Computational Effort
The software generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive.
Products Associated with CVE-2018-13811
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2018-13811 are published in Siemens Simatic Step 7 Tia Portal:
Affected Versions
Siemens AG SIMATIC STEP 7 (TIA Portal) Version SIMATIC STEP 7 (TIA Portal) : All Versions < V15.1 is affected by CVE-2018-13811Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.