Improper File Management Vulnerability in Siemens SIMATIC STEP 7 (TIA Portal)
CVE-2016-7960

2.5LOW

Key Information:

Vendor
Siemens
Status
Simatic Step 7
Vendor
CVE Published:
13 October 2016

Summary

Siemens SIMATIC STEP 7 (TIA Portal) prior to version 14 suffers from a vulnerability due to improper management of project files during version updates. This flaw allows local users to exploit unspecified vectors to gain access to sensitive configuration information, potentially compromising the integrity of the system and its data. The issue emphasizes the importance of secure software practices and user permissions in critical infrastructure environments.

References

https://ics-cert.us-cert.gov/advisories/ICSA-16-287-03
x_refsource_MISC
http://www.securityfocus.com/bid/93551
vdb-entryx_refsource_BID
http://www.siemens.com/cert/pool/cert/siemens_security_ad...
x_refsource_CONFIRM

CVSS V3.1

Score:
2.5
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.