Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 DB:MS-SQL:WINCC-DEFAULT-PASS

Severity

 Critical

Recommended

 No

Recommended Action

 Drop

Category

 DB

Keywords

 siemens simatic wincc default password mssql sql scada winccconnect stuxnet

Release Date

 2010/07/21

Update Number

 1737

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

DB: Siemens SIMATIC WinCC Default Password


This signature detects usage of a default account and password supplied with the Siemens SIMATIC WinCC SCADA device management application. Usage of this default account can allow an attacker access to the application's database.

Extended Description

Siemens SIMATIC WinCC is affected by a vulnerability that allows attackers to bypass security. An attacker can exploit this issue to bypass certain security restrictions and gain access to the application's database. Successfully exploiting this issue may lead to further attacks.

Affected Products

  • Siemens SIMATIC WinCC 6.2
  • Siemens SIMATIC WinCC

References

  • BugTraq: 41753
  • CVE: CVE-2010-2772
  • URL: https://www.automation.siemens.com/forum/guests/PostShow.aspx?PostID=16127&Language=en&PageIndex=2
  • URL: http://aunz.siemens.com/NewsCentre/ProductReleases/Pages/IAC_PR_SIMATICWinCCV62.aspx
  • URL: http://it.slashdot.org/comments.pl?sid=1721020&cid=32920758

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out