PT-2015-09: Information Disclosure in Siemens SIMATIC STEP 7 (TIA Portal)

Vulnerable software

Siemens SIMATIC STEP 7 (TIA Portal)
Version: 13 and earlier
Link: http://www.siemens.com/

Severity level

Severity level: Low
Impact: Information Disclosure
Access Vector: Local
CVSS v2:
Base Score: 2.1
Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N)
CVE: CVE-2015-1355

Software description

Siemens SIMATIC STEP 7 (TIA Portal) is engineering software for configuring and programming SIMATIC controllers and Standard PCs running WinAC RTX.

Vulnerability description

The specialists of the Positive Research center have detected an Information Disclosure vulnerability in Siemens SIMATIC STEP 7 (TIA Portal).

Device user passwords in TIA Portal project files are stored using a weak hashing algorithm. Attackers with read access to the project file could possibly reconstruct the passwords for device users.

How to fix

Update your software to the latest version.

Advisory status

21.09.2012 - Vendor gets vulnerability details
13.02.2015 - Vendor releases fixed version and details
25.02.2015 - Public disclosure

Credits

The vulnerability was detected by Alexander Timorin, Positive Research Center (Positive Technologies Company)

References

http://en.securitylab.ru/lab/PT-2015-09
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-234789.pdf

Reports on the vulnerabilities previously discovered by Positive Research:

http://www.ptsecurity.com/research/advisory/
http://en.securitylab.ru/lab/