PT-2015-3310 · Siemens · Simatic Step 7

Dmitry Sklyarov

Publicado

2015-01-15

Atualizado

2016-12-22

CVE-2016-7959

CVSS v3.1

4.7

Média

Vetor

AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Siemens SIMATIC STEP 7 (TIA Portal) versions prior to 14

Description The issue is related to the incorrect storage of pre-shared keys in TIA project files. This could allow a local attacker to gain access to sensitive information, potentially by conducting a brute-force attack after obtaining access to a file.

Recommendations For versions prior to 14, update to version 14 or later to resolve the issue. As a temporary workaround, consider restricting access to TIA project files to minimize the risk of exploitation.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-254

Identificadores relacionados

BDU:2017-02201

CVE-2016-7959

Produtos afetados

Simatic Step 7

PT-2015-3310 · Siemens · Simatic Step 7

CVE-2016-7959

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9