Unauthorized Key Exposure in Siemens SIMATIC STEP 7 (TIA Portal)
CVE-2016-7959

4.7MEDIUM

Key Information:

Vendor

Siemens
Status
Simatic Step 7
Vendor
CVE Published:
13 October 2016

What is CVE-2016-7959?

A vulnerability exists in Siemens SIMATIC STEP 7 (TIA Portal) before version 14, where pre-shared key data is improperly stored in project files. This flaw allows local users with access to these files to exploit the system and potentially conduct brute-force attacks to obtain sensitive information, thereby increasing the risk of unauthorized access and data breaches.

References

https://ics-cert.us-cert.gov/advisories/ICSA-16-287-03
x_refsource_MISC
http://www.securityfocus.com/bid/93551
vdb-entryx_refsource_BID
http://www.siemens.com/cert/pool/cert/siemens_security_ad...
x_refsource_CONFIRM

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.