SB2017021406 - Authentication bypass in Siemens SIMATIC Logon
Published: February 14, 2017
Security Bulletin ID
SB2017021406
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Authentication bypass (CVE-ID: CVE-2017-2684)
The vulnerability allows a local user to bypass authentication.
The vulnerability exists due to unknown error in SIMATIC Logon application, which is used by multiple SIMATIC products. A local user with access to affected application and knowledge of user name can bypass authentication process and gain unauthorized access to otherwise restricted resources.
The vulnerability affects all products, which use SIMATIC Logon application for authentication:
- SIMATIC IT products
- SIMATIC WinCC
- SIMATIC WinCC Runtime
- SIMATIC PCS 7
- SIMATIC PDM
Remediation
Install update from vendor's website.