PT-2015-13: Unauthorized Access in Siemens SIMATIC HMI Devices

Vulnerable software

Siemens SIMATIC HMI Basic Panels 2nd Generation
Siemens SIMATIC HMI Comfort Panels
Siemens SIMATIC WinCC Runtime Advanced
Siemens SIMATIC WinCC Runtime Professional
Siemens SIMATIC HMI Basic Panels 1st Generation
Siemens SIMATIC HMI Mobile Panel 277
Siemens SIMATIC HMI Multi Panels
Siemens SIMATIC WinCC (TIA Portal)
Version: 13 SP1 Upd1 and earlier

Siemens SIMATIC WinCC
Version: 7.3 Upd3 and earlier

Link: http://www.siemens.com/

Severity level

Severity level: Medium
Impact: Unauthorized Access
Access Vector: Remote
CVSS v2:
Base Score: 6.8
Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVE: CVE-2015-2823

Software description

SIMATIC HMI Panels and SIMATIC WinCC Runtime Advanced are used for operator control and monitoring of machines and plants.

Vulnerability description

Specialists of the Positive Research center have detected an Unauthorized Access vulnerability in Siemens SIMATIC HMI Devices.
The vulnerability allows remote attackers to obtain password hashes for SIMATIC WinCC users and complete authentication.

How to fix

Update your software to the latest version.

Advisory status

22.04.2014 - Vendor gets vulnerability details
08.04.2015 - Vendor releases fixed version and details
23.07.2015 - Public disclosure

Credits

The vulnerability was detected by Ilya Karpov, Positive Research Center (Positive Technologies Company)

References

http://en.securitylab.ru/lab/PT-2015-13
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-487246.pdf

Reports on the vulnerabilities previously discovered by Positive Research:

http://www.ptsecurity.com/research/advisory/
http://en.securitylab.ru/lab/