CVE-2012-4693 : Invensys Wonderware InTouch 2012 R2 and earlier and Siemens ProcessSuite use a weak encryption algorithm for data in Ps

Invensys Wonderware InTouch 2012 R2 and earlier and Siemens ProcessSuite use a weak encryption algorithm for data in Ps_security.ini, which makes it easier for local users to discover passwords by reading this file.

Published 2012-12-18 12:30:06

Updated 2012-12-19 05:00:00

Source ICS-CERT

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2012-4693

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ % EPSS Score History EPSS FAQ

CVSS scores for CVE-2012-4693

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
1.9	LOW	AV:L/AC:M/Au:N/C:P/I:N/A:N	3.4	2.9	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2012-4693

CWE-310

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-4693

http://www.us-cert.gov/control_systems/pdf/ICSA-12-348-01.pdf

404 - File Not Found | CISA
US Government Resource
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-370812.pdf

Vendor Advisory

Products affected by CVE-2012-4693

Siemens » Processsuite » Version: N/A
cpe:2.3:a:siemens:processsuite:-:*:*:*:*:*:*:*
Matching versions
Invensys » Wonderware Intouch » Update R2
Versions up to, including, (<=) 2012
cpe:2.3:a:invensys:wonderware_intouch:*:r2:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2012-4693

Exploit prediction scoring system (EPSS) score for CVE-2012-4693

CVSS scores for CVE-2012-4693

CWE ids for CVE-2012-4693

References for CVE-2012-4693

Products affected by CVE-2012-4693