Privilege Escalation Vulnerability in SIMATIC Product by Siemens
CVE-2016-8561

6.6MEDIUM

Key Information:

Vendor
Siemens
Status
Simatic Cp 1543-1 Firmware
Vendor
CVE Published:
18 November 2016

Summary

A security flaw has been detected in SIMATIC CP 1543-1 and SIPLUS NET CP 1543-1 that allows users with elevated privileges within the TIA Portal and access to project data on the engineering station to potentially gain unauthorized privileged access to these devices. This vulnerability is especially critical for environments where proper access controls are essential to maintaining the security of industrial systems.

References

http://www.securityfocus.com/bid/94436
vdb-entryx_refsource_BID
https://ics-cert.us-cert.gov/advisories/ICSA-16-327-01
x_refsource_MISC
http://www.siemens.com/cert/pool/cert/siemens_security_ad...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.6
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.