PT-2016-7549 · Siemens · Simatic Cp 443-1 Advanced+3
Published: 2016-11-23 · Updated: 2019-12-12 · CVE-2016-8672
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variant) versions prior to V3.0.53
SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variant) versions prior to V3.2.17
SIMATIC S7-300 PN/DP CPU family (incl. SIPLUS variants) (affected versions not specified)
SIMATIC S7-400 PN/DP CPU family (incl. SIPLUS variants) (affected versions not specified)
Description
A vulnerability has been identified where the integrated web server delivers cookies without the "secure" flag, potentially leading to data leakage in case of clear text transmission. However, modern browsers interpreting the flag would mitigate this issue.
Recommendations
For SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variant) versions prior to V3.0.53, update to version V3.0.53 or later.
For SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variant) versions prior to V3.2.17, update to version V3.2.17 or later.
For SIMATIC S7-300 PN/DP CPU family (incl. SIPLUS variants) and SIMATIC S7-400 PN/DP CPU family (incl. SIPLUS variants), at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Information Disclosure
Weakness Enumeration
Related Identifiers
Affected Products
Simatic Cp 343-1 Advanced
Simatic Cp 443-1 Advanced
Simatic S7-300 Pn/Dp Cpu
Simatic S7-400 Pn Cpu