CVE-2014-1696

Name of the Vulnerable Software and Affected Versions Siemens SIMATIC WinCC OA versions prior to 3.12 P002 January

Description The issue is related to the use of a weak hash algorithm for passwords, making it easier for remote attackers to obtain access via a brute-force attack. This weakness allows an attacker to potentially elevate their privileges using a full brute-force method.

Recommendations For versions prior to 3.12 P002 January, update to version 3.12 P002 January or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the system to minimize the risk of exploitation. Avoid using weak passwords and consider implementing additional security measures to prevent brute-force attacks.