PT-2015-5375 · Siemens · Simatic Step 7+4
Publicado
2015-03-07
·
Atualizado
2016-08-24
·
CVE-2015-1594
CVSS v2.0
6.9
Média
| Vetor | AV:L/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Siemens SIMATIC ProSave versions prior to 13 SP1
Siemens SIMATIC CFC versions prior to 8.0 SP4 Upd9 and 8.1 Upd1
Siemens SIMATIC STEP 7 versions prior to 5.5 SP1 HF2, 5.5 SP2 HF7, 5.5 SP3, and 5.5 SP4 HF4
Siemens SIMOTION Scout versions prior to 4.4
Siemens STARTER versions prior to 4.4 HF3
Description
The issue allows local users to gain privileges via a Trojan horse application file due to an untrusted search path vulnerability.
Recommendations
For Siemens SIMATIC ProSave versions prior to 13 SP1, update to version 13 SP1 or later.
For Siemens SIMATIC CFC versions prior to 8.0 SP4 Upd9, update to version 8.0 SP4 Upd9 or later.
For Siemens SIMATIC CFC version 8.1, update to version 8.1 Upd1 or later.
For Siemens SIMATIC STEP 7 versions prior to 5.5 SP1 HF2, update to version 5.5 SP1 HF2 or later.
For Siemens SIMATIC STEP 7 versions 5.5 SP2 prior to HF7, update to version 5.5 SP2 HF7 or later.
For Siemens SIMATIC STEP 7 version 5.5 SP3, update to a version with the fix applied.
For Siemens SIMATIC STEP 7 versions 5.5 SP4 prior to HF4, update to version 5.5 SP4 HF4 or later.
For Siemens SIMOTION Scout versions prior to 4.4, update to version 4.4 or later.
For Siemens STARTER versions prior to 4.4 HF3, update to version 4.4 HF3 or later.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Simatic Cfc
Simatic Prosave
Simatic Step 7
Simotion Scout
Starter