CVE-2016-7959

4.7MEDIUM

Key Information:

Vendor: Siemens
Status: Simatic Step 7
Vendor: CVE Published:; 13 October 2016

Summary

Siemens SIMATIC STEP 7 (TIA Portal) before 14 improperly stores pre-shared key data in TIA project files, which makes it easier for local users to obtain sensitive information by leveraging access to a file and conducting a brute-force attack.

References

https://ics-cert.us-cert.gov/advisories/ICSA-16-287-03

x_refsource_MISC

http://www.securityfocus.com/bid/93551

vdb-entryx_refsource_BID

http://www.siemens.com/cert/pool/cert/siemens_security_ad...

x_refsource_CONFIRM

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 13, 2016
Vulnerability Reserved
Sep 9, 2016