Vulnerabilites related to siemens - processsuite
var-201212-0033
Vulnerability from variot
Invensys Wonderware InTouch 2012 R2 and earlier and Siemens ProcessSuite use a weak encryption algorithm for data in Ps_security.ini, which makes it easier for local users to discover passwords by reading this file. Siemens ProcessSuite/Invensys Wonderware InTouch is the distributed control system \"APACS\". ProcessSuite is mostly used in manufacturing, oil and gas, and chemical fields. InTouch is an HMI software. Since the user management system containing the password is stored in the file \"Ps_security.ini\" in a reversible format, users with read access can exploit this vulnerability to obtain password information and log in as a privileged user, affecting system integrity, availability, and confidentiality. Successful attacks can allow a local attacker to gain unauthorized access to the password file. Information obtained may lead to further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201212-0033",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "processsuite",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": null
},
{
"model": "processsuite",
"scope": null,
"trust": 1.4,
"vendor": "siemens",
"version": null
},
{
"model": "wonderware intouch",
"scope": "lte",
"trust": 1.0,
"vendor": "invensys",
"version": "2012"
},
{
"model": "intouch",
"scope": "lte",
"trust": 0.8,
"vendor": "invensys",
"version": "2012 r2"
},
{
"model": "intouch r2",
"scope": "lte",
"trust": 0.6,
"vendor": "wonderware",
"version": "\u003c=2012"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "wonderware intouch",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "processsuite",
"version": null
},
{
"model": "processsuite",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "wonderware intouch r2",
"scope": "eq",
"trust": 0.3,
"vendor": "invensys",
"version": "2012"
}
],
"sources": [
{
"db": "IVD",
"id": "2bdb356a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "2d9d0cc0-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-7479"
},
{
"db": "BID",
"id": "56934"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005760"
},
{
"db": "CNNVD",
"id": "CNNVD-201212-204"
},
{
"db": "NVD",
"id": "CVE-2012-4693"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:invensys:intouch",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:processsuite",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-005760"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Seth Bromberger of NCI Security",
"sources": [
{
"db": "BID",
"id": "56934"
},
{
"db": "CNNVD",
"id": "CNNVD-201212-204"
}
],
"trust": 0.9
},
"cve": "CVE-2012-4693",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "CVE-2012-4693",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "2bdb356a-2353-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.2,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "2d9d0cc0-2353-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.2,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "VHN-57974",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-4693",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2012-4693",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNNVD",
"id": "CNNVD-201212-204",
"trust": 0.6,
"value": "LOW"
},
{
"author": "IVD",
"id": "2bdb356a-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "LOW"
},
{
"author": "IVD",
"id": "2d9d0cc0-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-57974",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "2bdb356a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "2d9d0cc0-2353-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-57974"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005760"
},
{
"db": "CNNVD",
"id": "CNNVD-201212-204"
},
{
"db": "NVD",
"id": "CVE-2012-4693"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Invensys Wonderware InTouch 2012 R2 and earlier and Siemens ProcessSuite use a weak encryption algorithm for data in Ps_security.ini, which makes it easier for local users to discover passwords by reading this file. Siemens ProcessSuite/Invensys Wonderware InTouch is the distributed control system \\\"APACS\\\". ProcessSuite is mostly used in manufacturing, oil and gas, and chemical fields. InTouch is an HMI software. Since the user management system containing the password is stored in the file \\\"Ps_security.ini\\\" in a reversible format, users with read access can exploit this vulnerability to obtain password information and log in as a privileged user, affecting system integrity, availability, and confidentiality. \nSuccessful attacks can allow a local attacker to gain unauthorized access to the password file. Information obtained may lead to further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-4693"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005760"
},
{
"db": "CNVD",
"id": "CNVD-2012-7479"
},
{
"db": "BID",
"id": "56934"
},
{
"db": "IVD",
"id": "2bdb356a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "2d9d0cc0-2353-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-57974"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-4693",
"trust": 3.8
},
{
"db": "ICS CERT",
"id": "ICSA-12-348-01",
"trust": 3.1
},
{
"db": "SIEMENS",
"id": "SSA-370812",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-201212-204",
"trust": 1.1
},
{
"db": "CNVD",
"id": "CNVD-2012-7479",
"trust": 1.0
},
{
"db": "BID",
"id": "56934",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005760",
"trust": 0.8
},
{
"db": "IVD",
"id": "2BDB356A-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "2D9D0CC0-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-57974",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "2bdb356a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "2d9d0cc0-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-7479"
},
{
"db": "VULHUB",
"id": "VHN-57974"
},
{
"db": "BID",
"id": "56934"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005760"
},
{
"db": "CNNVD",
"id": "CNNVD-201212-204"
},
{
"db": "NVD",
"id": "CVE-2012-4693"
}
]
},
"id": "VAR-201212-0033",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "2bdb356a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "2d9d0cc0-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-7479"
},
{
"db": "VULHUB",
"id": "VHN-57974"
}
],
"trust": 1.74760684
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "2bdb356a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "2d9d0cc0-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-7479"
}
]
},
"last_update_date": "2024-11-23T21:55:45.874000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://iom.invensys.com/EN/Pages/home.aspx"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.siemens.com/entry/cc/en/"
},
{
"title": "SSA-370812: Insecure Password Storage in Siemens ProcessSuite (discontinued product)",
"trust": 0.8,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-370812.pdf"
},
{
"title": "Wonderware \u65e5\u672c\u306e\u30d1\u30fc\u30c8\u30ca\u30fc",
"trust": 0.8,
"url": "http://global.wonderware.com/JP/Pages/JpPartnersSI.aspx"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30bd\u30ea\u30e5\u30fc\u30b7\u30e7\u30f3\u30d1\u30fc\u30c8\u30ca\u30fc",
"trust": 0.8,
"url": "http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30fb\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"trust": 0.8,
"url": "http://www.siemens.com/answers/jp/ja/"
},
{
"title": "Wonderware Top Page",
"trust": 0.8,
"url": "http://global.wonderware.com/JP/pages/default.aspx"
},
{
"title": "Siemens ProcessSuite/Invensys Wonderware InTouch Local Information Disclosure Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/26553"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-7479"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005760"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-57974"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005760"
},
{
"db": "NVD",
"id": "CVE-2012-4693"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-348-01.pdf"
},
{
"trust": 1.7,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-370812.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4693"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4693"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/56934"
},
{
"trust": 0.3,
"url": "http://subscriber.communications.siemens.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-7479"
},
{
"db": "VULHUB",
"id": "VHN-57974"
},
{
"db": "BID",
"id": "56934"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005760"
},
{
"db": "CNNVD",
"id": "CNNVD-201212-204"
},
{
"db": "NVD",
"id": "CVE-2012-4693"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "2bdb356a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "2d9d0cc0-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-7479"
},
{
"db": "VULHUB",
"id": "VHN-57974"
},
{
"db": "BID",
"id": "56934"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005760"
},
{
"db": "CNNVD",
"id": "CNNVD-201212-204"
},
{
"db": "NVD",
"id": "CVE-2012-4693"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-12-17T00:00:00",
"db": "IVD",
"id": "2bdb356a-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2012-12-17T00:00:00",
"db": "IVD",
"id": "2d9d0cc0-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2012-12-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-7479"
},
{
"date": "2012-12-18T00:00:00",
"db": "VULHUB",
"id": "VHN-57974"
},
{
"date": "2012-12-13T00:00:00",
"db": "BID",
"id": "56934"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-005760"
},
{
"date": "2012-12-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201212-204"
},
{
"date": "2012-12-18T12:30:05.857000",
"db": "NVD",
"id": "CVE-2012-4693"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-12-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-7479"
},
{
"date": "2012-12-19T00:00:00",
"db": "VULHUB",
"id": "VHN-57974"
},
{
"date": "2012-12-13T00:00:00",
"db": "BID",
"id": "56934"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-005760"
},
{
"date": "2012-12-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201212-204"
},
{
"date": "2024-11-21T01:43:22.090000",
"db": "NVD",
"id": "CVE-2012-4693"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "56934"
},
{
"db": "CNNVD",
"id": "CNNVD-201212-204"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens ProcessSuite/Invensys Wonderware InTouch Local Information Disclosure Vulnerability",
"sources": [
{
"db": "IVD",
"id": "2bdb356a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "2d9d0cc0-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-7479"
},
{
"db": "CNNVD",
"id": "CNNVD-201212-204"
}
],
"trust": 1.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201212-204"
}
],
"trust": 0.6
}
}
Vulnerability from fkie_nvd
Published
2012-12-18 12:30
Modified
2025-04-11 00:51
Severity ?
Summary
Invensys Wonderware InTouch 2012 R2 and earlier and Siemens ProcessSuite use a weak encryption algorithm for data in Ps_security.ini, which makes it easier for local users to discover passwords by reading this file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| invensys | wonderware_intouch | * | |
| siemens | processsuite | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:invensys:wonderware_intouch:*:r2:*:*:*:*:*:*",
"matchCriteriaId": "AC170EC3-5D1F-4819-9E8F-30616BCCEFBF",
"versionEndIncluding": "2012",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:processsuite:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CBAE74DA-2EB4-4FF4-9058-DB87A68A5465",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Invensys Wonderware InTouch 2012 R2 and earlier and Siemens ProcessSuite use a weak encryption algorithm for data in Ps_security.ini, which makes it easier for local users to discover passwords by reading this file."
},
{
"lang": "es",
"value": "nvensys Wonderware InTouch R2 2012 y anteriores y ProcessSuite Siemens utilizan un algoritmo de cifrado d\u00e9bil para los datos en Ps_security.ini, lo que hace que sea m\u00e1s f\u00e1cil para los usuarios locales descubrir contrase\u00f1as mediante la lectura de este archivo."
}
],
"id": "CVE-2012-4693",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-12-18T12:30:05.857",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-370812.pdf"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-348-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-370812.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-348-01.pdf"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2012-4693 (GCVE-0-2012-4693)
Vulnerability from cvelistv5
Published
2012-12-18 11:00
Modified
2024-09-16 20:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Invensys Wonderware InTouch 2012 R2 and earlier and Siemens ProcessSuite use a weak encryption algorithm for data in Ps_security.ini, which makes it easier for local users to discover passwords by reading this file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-370812.pdf | x_refsource_CONFIRM | |
| http://www.us-cert.gov/control_systems/pdf/ICSA-12-348-01.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:42:55.144Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-370812.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-348-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Invensys Wonderware InTouch 2012 R2 and earlier and Siemens ProcessSuite use a weak encryption algorithm for data in Ps_security.ini, which makes it easier for local users to discover passwords by reading this file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-12-18T11:00:00Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-370812.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-348-01.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2012-4693",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Invensys Wonderware InTouch 2012 R2 and earlier and Siemens ProcessSuite use a weak encryption algorithm for data in Ps_security.ini, which makes it easier for local users to discover passwords by reading this file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-370812.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-370812.pdf"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-348-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-348-01.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2012-4693",
"datePublished": "2012-12-18T11:00:00Z",
"dateReserved": "2012-08-28T00:00:00Z",
"dateUpdated": "2024-09-16T20:57:49.398Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}