CVE-2011-4515

Name of the Vulnerable Software and Affected Versions Siemens WinCC (TIA Portal) version 11

Description The issue allows local users to obtain sensitive information by leveraging physical access or Sm@rt Server access, due to the use of a reversible algorithm for storing HMI web-application passwords in world-readable and world-writable files.

Recommendations For version 11, consider restricting access to the world-readable and world-writable files to minimize the risk of exploitation. As a temporary workaround, limit physical access and Sm@rt Server access to the system until a more secure password storage mechanism is implemented.