SSA-526760: Weak Credentials Protection in SIMATIC WinCC flexible
Publication Date 2016-06-08 / Last Update 2016-06-08 / Current Version V1.0 / CVSSv3 Base Score 3.7
SIMATIC WinCC flexible: All versions < WinCC flexible 2008 SP3 Up7
SIMATIC WinCC flexible panels and runtime systems are used for process visualization and control operations.
Detailed information about the vulnerability is provided below.
The vulnerability classification has been performed by using the CVSS scoring system in version 3 (CVSSv3) (http://www.first.org/cvss/). The CVSS environmental score is specific to the customer's environment and will impact the overall CVSS score. The environmental score
should therefore be individually defined by the customer to accomplish final scoring.
Vulnerability Description (CVE-2015-1358)
The remote management module of SIMATIC WinCC flexible panels and SIMATIC WinCC flexible runtime transmits weakly protected credentials over the network.
Attackers capturing network traffic of the remote management module could possibly reconstruct the credentials.
Base Score 3.7
The vulnerability can only be exploited if an attacker is able to capture network traffic of the remote management module from a privileged network position. Siemens recommends operating SIMATIC WinCC flexible panels and runtime systems only within trusted networks .
Siemens provides Update 7 for SIMATIC WinCC flexible 2008 SP3  which fixes the vulnerability and recommends customers to update to the new version.
As a general security measure Siemens strongly recommends to protect network access to devices running SIMATIC WinCC flexible with appropriate mechanisms.
It is advised to configure the environment according to our operational guidelines  in order to run the devices in a protected IT environment.
Siemens thanks Gleb Gritsai and Roman Ilin from Positive Technologies for coordinated disclosure.
 Update 7 for SIMATIC WinCC flexible 2008 SP3 can be obtained here:
 An overview of the operational guidelines for Industrial Security (with the cell protection concept):
 Information about Industrial Security by Siemens:
 For further inquiries on vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: