Search criteria
4 vulnerabilities found for processsuite by siemens
VAR-201212-0033
Vulnerability from variot - Updated: 2023-12-18 13:04Invensys Wonderware InTouch 2012 R2 and earlier and Siemens ProcessSuite use a weak encryption algorithm for data in Ps_security.ini, which makes it easier for local users to discover passwords by reading this file. Siemens ProcessSuite/Invensys Wonderware InTouch is the distributed control system \"APACS\". ProcessSuite is mostly used in manufacturing, oil and gas, and chemical fields. InTouch is an HMI software. Since the user management system containing the password is stored in the file \"Ps_security.ini\" in a reversible format, users with read access can exploit this vulnerability to obtain password information and log in as a privileged user, affecting system integrity, availability, and confidentiality. Successful attacks can allow a local attacker to gain unauthorized access to the password file. Information obtained may lead to further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201212-0033",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "processsuite",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": null
},
{
"model": "processsuite",
"scope": null,
"trust": 1.4,
"vendor": "siemens",
"version": null
},
{
"model": "wonderware intouch",
"scope": "lte",
"trust": 1.0,
"vendor": "invensys",
"version": "2012"
},
{
"model": "intouch",
"scope": "lte",
"trust": 0.8,
"vendor": "invensys",
"version": "2012 r2"
},
{
"model": "intouch r2",
"scope": "lte",
"trust": 0.6,
"vendor": "wonderware",
"version": "\u003c=2012"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "wonderware intouch",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "processsuite",
"version": null
},
{
"model": "processsuite",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "wonderware intouch r2",
"scope": "eq",
"trust": 0.3,
"vendor": "invensys",
"version": "2012"
}
],
"sources": [
{
"db": "IVD",
"id": "2bdb356a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "2d9d0cc0-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-7479"
},
{
"db": "BID",
"id": "56934"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005760"
},
{
"db": "NVD",
"id": "CVE-2012-4693"
},
{
"db": "CNNVD",
"id": "CNNVD-201212-204"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:processsuite:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:invensys:wonderware_intouch:*:r2:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2012",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-4693"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Seth Bromberger of NCI Security",
"sources": [
{
"db": "BID",
"id": "56934"
},
{
"db": "CNNVD",
"id": "CNNVD-201212-204"
}
],
"trust": 0.9
},
"cve": "CVE-2012-4693",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 1.9,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2012-4693",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "2bdb356a-2353-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.2,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "2d9d0cc0-2353-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.2,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "VHN-57974",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-4693",
"trust": 1.8,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201212-204",
"trust": 0.6,
"value": "LOW"
},
{
"author": "IVD",
"id": "2bdb356a-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "LOW"
},
{
"author": "IVD",
"id": "2d9d0cc0-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-57974",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "2bdb356a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "2d9d0cc0-2353-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-57974"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005760"
},
{
"db": "NVD",
"id": "CVE-2012-4693"
},
{
"db": "CNNVD",
"id": "CNNVD-201212-204"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Invensys Wonderware InTouch 2012 R2 and earlier and Siemens ProcessSuite use a weak encryption algorithm for data in Ps_security.ini, which makes it easier for local users to discover passwords by reading this file. Siemens ProcessSuite/Invensys Wonderware InTouch is the distributed control system \\\"APACS\\\". ProcessSuite is mostly used in manufacturing, oil and gas, and chemical fields. InTouch is an HMI software. Since the user management system containing the password is stored in the file \\\"Ps_security.ini\\\" in a reversible format, users with read access can exploit this vulnerability to obtain password information and log in as a privileged user, affecting system integrity, availability, and confidentiality. \nSuccessful attacks can allow a local attacker to gain unauthorized access to the password file. Information obtained may lead to further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-4693"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005760"
},
{
"db": "CNVD",
"id": "CNVD-2012-7479"
},
{
"db": "BID",
"id": "56934"
},
{
"db": "IVD",
"id": "2bdb356a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "2d9d0cc0-2353-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-57974"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-4693",
"trust": 3.8
},
{
"db": "ICS CERT",
"id": "ICSA-12-348-01",
"trust": 3.1
},
{
"db": "SIEMENS",
"id": "SSA-370812",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-201212-204",
"trust": 1.1
},
{
"db": "CNVD",
"id": "CNVD-2012-7479",
"trust": 1.0
},
{
"db": "BID",
"id": "56934",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005760",
"trust": 0.8
},
{
"db": "IVD",
"id": "2BDB356A-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "2D9D0CC0-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-57974",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "2bdb356a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "2d9d0cc0-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-7479"
},
{
"db": "VULHUB",
"id": "VHN-57974"
},
{
"db": "BID",
"id": "56934"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005760"
},
{
"db": "NVD",
"id": "CVE-2012-4693"
},
{
"db": "CNNVD",
"id": "CNNVD-201212-204"
}
]
},
"id": "VAR-201212-0033",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "2bdb356a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "2d9d0cc0-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-7479"
},
{
"db": "VULHUB",
"id": "VHN-57974"
}
],
"trust": 1.74760684
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "2bdb356a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "2d9d0cc0-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-7479"
}
]
},
"last_update_date": "2023-12-18T13:04:16.653000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://iom.invensys.com/en/pages/home.aspx"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.siemens.com/entry/cc/en/"
},
{
"title": "SSA-370812: Insecure Password Storage in Siemens ProcessSuite (discontinued product)",
"trust": 0.8,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-370812.pdf"
},
{
"title": "Wonderware \u65e5\u672c\u306e\u30d1\u30fc\u30c8\u30ca\u30fc",
"trust": 0.8,
"url": "http://global.wonderware.com/jp/pages/jppartnerssi.aspx"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30bd\u30ea\u30e5\u30fc\u30b7\u30e7\u30f3\u30d1\u30fc\u30c8\u30ca\u30fc",
"trust": 0.8,
"url": "http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30fb\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"trust": 0.8,
"url": "http://www.siemens.com/answers/jp/ja/"
},
{
"title": "Wonderware Top Page",
"trust": 0.8,
"url": "http://global.wonderware.com/jp/pages/default.aspx"
},
{
"title": "Siemens ProcessSuite/Invensys Wonderware InTouch Local Information Disclosure Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/26553"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-7479"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005760"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-57974"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005760"
},
{
"db": "NVD",
"id": "CVE-2012-4693"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-348-01.pdf"
},
{
"trust": 1.7,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-370812.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4693"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4693"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/56934"
},
{
"trust": 0.3,
"url": "http://subscriber.communications.siemens.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-7479"
},
{
"db": "VULHUB",
"id": "VHN-57974"
},
{
"db": "BID",
"id": "56934"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005760"
},
{
"db": "NVD",
"id": "CVE-2012-4693"
},
{
"db": "CNNVD",
"id": "CNNVD-201212-204"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "2bdb356a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "2d9d0cc0-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-7479"
},
{
"db": "VULHUB",
"id": "VHN-57974"
},
{
"db": "BID",
"id": "56934"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005760"
},
{
"db": "NVD",
"id": "CVE-2012-4693"
},
{
"db": "CNNVD",
"id": "CNNVD-201212-204"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-12-17T00:00:00",
"db": "IVD",
"id": "2bdb356a-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2012-12-17T00:00:00",
"db": "IVD",
"id": "2d9d0cc0-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2012-12-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-7479"
},
{
"date": "2012-12-18T00:00:00",
"db": "VULHUB",
"id": "VHN-57974"
},
{
"date": "2012-12-13T00:00:00",
"db": "BID",
"id": "56934"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-005760"
},
{
"date": "2012-12-18T12:30:05.857000",
"db": "NVD",
"id": "CVE-2012-4693"
},
{
"date": "2012-12-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201212-204"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-12-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-7479"
},
{
"date": "2012-12-19T00:00:00",
"db": "VULHUB",
"id": "VHN-57974"
},
{
"date": "2012-12-13T00:00:00",
"db": "BID",
"id": "56934"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-005760"
},
{
"date": "2012-12-19T05:00:00",
"db": "NVD",
"id": "CVE-2012-4693"
},
{
"date": "2012-12-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201212-204"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "56934"
},
{
"db": "CNNVD",
"id": "CNNVD-201212-204"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens ProcessSuite/Invensys Wonderware InTouch Local Information Disclosure Vulnerability",
"sources": [
{
"db": "IVD",
"id": "2bdb356a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "2d9d0cc0-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-7479"
},
{
"db": "CNNVD",
"id": "CNNVD-201212-204"
}
],
"trust": 1.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201212-204"
}
],
"trust": 0.6
}
}
FKIE_CVE-2012-4693
Vulnerability from fkie_nvd - Published: 2012-12-18 12:30 - Updated: 2025-04-11 00:51
Severity ?
Summary
Invensys Wonderware InTouch 2012 R2 and earlier and Siemens ProcessSuite use a weak encryption algorithm for data in Ps_security.ini, which makes it easier for local users to discover passwords by reading this file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| invensys | wonderware_intouch | * | |
| siemens | processsuite | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:invensys:wonderware_intouch:*:r2:*:*:*:*:*:*",
"matchCriteriaId": "AC170EC3-5D1F-4819-9E8F-30616BCCEFBF",
"versionEndIncluding": "2012",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:processsuite:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CBAE74DA-2EB4-4FF4-9058-DB87A68A5465",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Invensys Wonderware InTouch 2012 R2 and earlier and Siemens ProcessSuite use a weak encryption algorithm for data in Ps_security.ini, which makes it easier for local users to discover passwords by reading this file."
},
{
"lang": "es",
"value": "nvensys Wonderware InTouch R2 2012 y anteriores y ProcessSuite Siemens utilizan un algoritmo de cifrado d\u00e9bil para los datos en Ps_security.ini, lo que hace que sea m\u00e1s f\u00e1cil para los usuarios locales descubrir contrase\u00f1as mediante la lectura de este archivo."
}
],
"id": "CVE-2012-4693",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-12-18T12:30:05.857",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-370812.pdf"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-348-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-370812.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-348-01.pdf"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2012-4693 (GCVE-0-2012-4693)
Vulnerability from cvelistv5 – Published: 2012-12-18 11:00 – Updated: 2024-09-16 20:57
VLAI?
Summary
Invensys Wonderware InTouch 2012 R2 and earlier and Siemens ProcessSuite use a weak encryption algorithm for data in Ps_security.ini, which makes it easier for local users to discover passwords by reading this file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:42:55.144Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-370812.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-348-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Invensys Wonderware InTouch 2012 R2 and earlier and Siemens ProcessSuite use a weak encryption algorithm for data in Ps_security.ini, which makes it easier for local users to discover passwords by reading this file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-12-18T11:00:00Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-370812.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-348-01.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2012-4693",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Invensys Wonderware InTouch 2012 R2 and earlier and Siemens ProcessSuite use a weak encryption algorithm for data in Ps_security.ini, which makes it easier for local users to discover passwords by reading this file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-370812.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-370812.pdf"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-348-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-348-01.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2012-4693",
"datePublished": "2012-12-18T11:00:00Z",
"dateReserved": "2012-08-28T00:00:00Z",
"dateUpdated": "2024-09-16T20:57:49.398Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4693 (GCVE-0-2012-4693)
Vulnerability from nvd – Published: 2012-12-18 11:00 – Updated: 2024-09-16 20:57
VLAI?
Summary
Invensys Wonderware InTouch 2012 R2 and earlier and Siemens ProcessSuite use a weak encryption algorithm for data in Ps_security.ini, which makes it easier for local users to discover passwords by reading this file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:42:55.144Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-370812.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-348-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Invensys Wonderware InTouch 2012 R2 and earlier and Siemens ProcessSuite use a weak encryption algorithm for data in Ps_security.ini, which makes it easier for local users to discover passwords by reading this file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-12-18T11:00:00Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-370812.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-348-01.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2012-4693",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Invensys Wonderware InTouch 2012 R2 and earlier and Siemens ProcessSuite use a weak encryption algorithm for data in Ps_security.ini, which makes it easier for local users to discover passwords by reading this file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-370812.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-370812.pdf"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-348-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-348-01.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2012-4693",
"datePublished": "2012-12-18T11:00:00Z",
"dateReserved": "2012-08-28T00:00:00Z",
"dateUpdated": "2024-09-16T20:57:49.398Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}