Details of VAR-E-201108-0177

ID

VAR-E-201108-0177

TITLE

Siemens SIMATIC S7-300 Hardcoded Credentials Security Bypass Vulnerability

Trust: 0.3

sources: BID: 48984

DESCRIPTION

Siemens SIMATIC S7-300 is prone to a security-bypass vulnerability caused by hard-coded credentials.
Successful attacks can allow a remote attacker to gain access to the vulnerable device.

Trust: 0.3

sources: BID: 48984

AFFECTED PRODUCTS

vendor:

siemens

model:

simatic s7-300

scope:

version:

Trust: 0.3

sources: BID: 48984

EXPLOIT

An attacker can carry out this attack using readily available network utilities.

Trust: 0.3

sources: BID: 48984

PRICE

Free

Trust: 0.3

sources: BID: 48984

TYPE

Design Error

Trust: 0.3

sources: BID: 48984

CREDITS

Dillion Beresford

Trust: 0.3

sources: BID: 48984

EXTERNAL IDS

db:	ICS CERT ALERT	id:	ICS-ALERT-11-204-01B	Trust: 0.3
db:	BID	id:	48984	Trust: 0.3

sources: BID: 48984

REFERENCES

url:	http://www.us-cert.gov/control_systems/pdf/ics-alert-11-204-01b.pdf	Trust: 0.3
url:	http://threatpost.com/en_us/blogs/black-hat-remote-dos-backdoor-easter-egg-among-newly-discovered-siemens-holes-080311	Trust: 0.3

sources: BID: 48984

SOURCES

db:

BID

id:

48984

LAST UPDATE DATE

2022-07-27T09:52:24.729000+00:00

SOURCES UPDATE DATE

db:

BID

id:

48984

date:

2011-08-03T00:00:00

SOURCES RELEASE DATE

db:

BID

id:

48984

date:

2011-08-03T00:00:00