CVE-2012-3015

Name of the Vulnerable Software and Affected Versions Siemens SIMATIC STEP7 versions prior to 5.5 SP1 Siemens SIMATIC PCS7 versions 7.1 SP3 and earlier

Description The issue allows local users to gain privileges via a Trojan horse DLL in a STEP7 project folder. This is due to an untrusted search path vulnerability.

Recommendations For Siemens SIMATIC STEP7 versions prior to 5.5 SP1, update to version 5.5 SP1 or later. For Siemens SIMATIC PCS7 versions 7.1 SP3 and earlier, update to a version later than 7.1 SP3. As a temporary workaround, consider restricting access to STEP7 project folders to minimize the risk of exploitation.