Unquoted Service Path Vulnerability in Siemens Industrial Software Products
CVE-2016-7165

6.4MEDIUM

Key Information:

Vendor

Siemens
Status
Simatic Wincc
Simatic Wincc Runtime
Simatic Wincc \(tia Portal\)
Simit
Vendor
CVE Published:
15 November 2016

What is CVE-2016-7165?

A vulnerability exists in multiple Siemens industrial software products due to unquoted service paths. If these products are not installed in their default directory ('C:\Program Files*' or its localized equivalent), local users of the Microsoft Windows operating system may escalate their privileges, potentially leading to unauthorized access and control over the affected software. This affects a wide range of Siemens applications, making it essential for users to review and configure their installation paths to enhance security.

References

https://ics-cert.us-cert.gov/advisories/ICSA-16-313-02
x_refsource_MISC
http://securityaffairs.co/wordpress/53266/security/cve-20...
x_refsource_MISC
http://www.securityfocus.com/bid/94158
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.4
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.