CVE-2012-4693

Sažetak

Invensys Wonderware InTouch 2012 R2 and earlier and Siemens ProcessSuite use a weak encryption algorithm for data in Ps_security.ini, which makes it easier for local users to discover passwords by reading this file.

Reference

http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-370812.pdf
http://www.us-cert.gov/control_systems/pdf/ICSA-12-348-01.pdf

CVSS

Base:	1.9
Impact:	2.9
Exploitability:	3.4

Pristup

Vektor	Složenost	Autentikacija
LOCAL	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:L/AC:M/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

19-12-2012 - 05:00

Objavljeno

18-12-2012 - 12:30