Untrusted Search Path Vulnerability in Siemens SIMATIC STEP7 Software
CVE-2012-3015

Currently unrated

Key Information:

Vendor: Siemens
Status: Simatic Pcs7; Simatic Step 7
Vendor: CVE Published:; 26 July 2012

Summary

A significant vulnerability in Siemens SIMATIC STEP7, prior to version 5.5 SP1, allows local users to gain elevated privileges. This flaw occurs due to an untrusted search path that could be exploited through the introduction of a malicious DLL within a STEP7 project directory. As a result, this vulnerability poses a risk not only to the integrity of the software but also potentially to the larger control systems utilizing it, enabling unauthorized actions and access.

References

http://www.us-cert.gov/control_systems/pdf/ICSA-12-205-02...

x_refsource_MISC

http://www.siemens.com/corporate-technology/pool/de/forsc...

x_refsource_CONFIRM

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jul 26, 2012