Skip to main content

Wonderware Intouch CVE-2012-4693

LOW
Cryptographic Issues (CWE-310)
2012-12-18 ics-cert@hq.dhs.gov
1.9
CVSS 2.0 · NVD

Severity by source

NVD PRIMARY
1.9 LOW
AV:L/AC:M/Au:N/C:P/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:L/AC:M/Au:N/C:P/I:N/A:N
Attack Vector
Local
Attack Complexity
M
Confidentiality
P
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Dec 18, 2012 - 12:30 cve.org
LOW 1.9

DescriptionCVE.org

Invensys Wonderware InTouch 2012 R2 and earlier and Siemens ProcessSuite use a weak encryption algorithm for data in Ps_security.ini, which makes it easier for local users to discover passwords by reading this file.

AnalysisAI

Invensys Wonderware InTouch 2012 R2 and earlier and Siemens ProcessSuite use a weak encryption algorithm for data in Ps_security.ini, which makes it easier for local users to discover passwords by. Rated low severity (CVSS 1.9). No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-310. Invensys Wonderware InTouch 2012 R2 and earlier and Siemens ProcessSuite use a weak encryption algorithm for data in Ps_security.ini, which makes it easier for local users to discover passwords by reading this file. Affected products include: Invensys Wonderware Intouch, Siemens Processsuite.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Share

CVE-2012-4693 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy