How severe is CVE-2018-13811?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2018-13811?

This is classified as CWE-916, which is a common weakness in software security.

CVE-2018-13811 - MEDIUM Severity | CVSS 5.5

Vulnerability Description

A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) (All Versions < V15.1). Password hashes with insufficient computational effort could allow an attacker to access to a project file and reconstruct passwords. The vulnerability could be exploited by an attacker with local access to the project file. No user interaction is required to exploit the vulnerability. The vulnerability could allow the attacker to obtain certain passwords from the project. At the time of advisory publication no public exploitation of this vulnerability was known.

Related Vulnerabilities

CVE-2006-1058

MEDIUM

CVSS:5.5(Medium)

BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables.

CWE-9162006

CVE-2014-0083

MEDIUM

CVSS:5.5(Medium)

The Ruby net-ldap gem before 0.11 uses a weak salt when generating SSHA passwords.

CWE-9162014

CVE-2020-10040

MEDIUM

CVSS:5.5(Medium)

A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). An attacker with local access to the device might be able to retrieve...

CWE-9162020

CVE-2020-10538

MEDIUM

CVSS:5.5(Medium)

An issue was discovered in Epikur before 20.1.1. It stores the secret passwords of the users as MD5 hashes in the database. MD5 can be brute-forced efficiently and should not be used for such purposes...

CWE-9162020

CVE-2021-33003

MEDIUM

CVSS:5.5(Medium)

Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to retrieve passwords in cleartext due to a weak hashing algorithm.

CWE-9162021

CVE-2019-20575

MEDIUM

CVSS:5.4(Medium)

An issue was discovered on Samsung mobile devices with P(9.0) software. The WPA3 handshake feature allows a downgrade or dictionary attack. The Samsung ID is SVE-2019-14204 (August 2019).

CWE-9162019