Main Vulnerability Database SB2019051418

SB2019051418 - Unprotected storage of credentials in Siemens LOGO!

Published: May 14, 2019 Updated: June 19, 2019

Security Bulletin ID SB2019051418

Severity

High

Patch available

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Unprotected storage of credentials (CVE-ID: CVE-2019-10921)

The vulnerability allows to remote attacker to obtain passwords of the device.

The vulnerability exists due to unencrypted storage of passwords in the project. A remote attacker with access to port 10005/tcp can gain access to configured passwords as cleartext.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://cert-portal.siemens.com/productcert/pdf/ssa-542701.pdf