CVE-2015-1355

low

Published 2015-02-18 · Modified 2026-05-06

CVSS v3

—

CVSS v2

2.1

VIR risk

2.1

Description

Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 uses a weak password-hash algorithm, which makes it easier for local users to determine cleartext passwords by reading a project file and conducting a brute-force attack.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-234789.pdf

Application impact

Vendor	Product	Versions	Fixed
siemens	simatic_step_7	`{"endIncluding":"13.0"}`

References

http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-234789.pdf
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-234789.pdf

CWEs

CWE-310

Verify integrity in audit chain (admin only). AS-IS.