PT-2018-2166 · Siemens · Simatic Step 7

Published: 2018-11-13 · Updated: 2019-10-09 · CVE-2018-13811

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

SIMATIC STEP 7 (TIA Portal) versions prior to V15.1

Description

A vulnerability has been identified that could allow an attacker to access a project file and reconstruct passwords due to password hashes with insufficient computational effort. The issue can be exploited by an attacker with local access to the project file, requiring no user interaction. This could enable the attacker to obtain certain passwords from the project. At the time of advisory publication, no public exploitation of this issue was known.

Recommendations

For versions prior to V15.1, update to version V15.1 or later to resolve the issue. As a temporary workaround, consider restricting access to project files to minimize the risk of exploitation.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2019-00119
CVE-2018-13811

Affected Products

Simatic Step 7