CVE-2014-4686

Name of the Vulnerable Software and Affected Versions Siemens SIMATIC WinCC versions prior to 7.3

Description The issue concerns a hardcoded encryption key in the Project administration application. This allows remote attackers to obtain sensitive information by extracting the key from another product installation and then using it to sniff network traffic on TCP port 1030. The vulnerability can be exploited to elevate privileges in the WinCC Project Administration application, given that an attacker can intercept data transmitted by an authorized user over the network through port 1030/tcp.

Recommendations For versions prior to 7.3, update to version 7.3 or later to resolve the issue. As a temporary workaround, consider restricting access to TCP port 1030 to minimize the risk of exploitation.