CVE-2016-7960

2.5LOW

Key Information:

Vendor
Siemens
Status
Simatic Step 7
Vendor
CVE Published:
13 October 2016

Summary

Siemens SIMATIC STEP 7 (TIA Portal) before 14 uses an improper format for managing TIA project files during version updates, which makes it easier for local users to obtain sensitive configuration information via unspecified vectors.

References

https://ics-cert.us-cert.gov/advisories/ICSA-16-287-03
x_refsource_MISC
http://www.securityfocus.com/bid/93551
vdb-entryx_refsource_BID
http://www.siemens.com/cert/pool/cert/siemens_security_ad...
x_refsource_CONFIRM

CVSS V3.1

Score:
2.5
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.