PT-2015-5375 · Siemens · Simatic Step 7+4

Published: 2015-03-07 · Updated: 2016-08-24 · CVE-2015-1594

CVSS v2.0: 6.9 (Medium)

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Siemens SIMATIC ProSave versions prior to 13 SP1
Siemens SIMATIC CFC versions prior to 8.0 SP4 Upd9 and 8.1 Upd1
Siemens SIMATIC STEP 7 versions prior to 5.5 SP1 HF2, 5.5 SP2 HF7, 5.5 SP3, and 5.5 SP4 HF4
Siemens SIMOTION Scout versions prior to 4.4
Siemens STARTER versions prior to 4.4 HF3

Description

The issue allows local users to gain privileges via a Trojan horse application file due to an untrusted search path vulnerability.

Recommendations

For Siemens SIMATIC ProSave versions prior to 13 SP1, update to version 13 SP1 or later.
For Siemens SIMATIC CFC versions prior to 8.0 SP4 Upd9, update to version 8.0 SP4 Upd9 or later.
For Siemens SIMATIC CFC version 8.1, update to version 8.1 Upd1 or later.
For Siemens SIMATIC STEP 7 versions prior to 5.5 SP1 HF2, update to version 5.5 SP1 HF2 or later.
For Siemens SIMATIC STEP 7 versions 5.5 SP2 prior to HF7, update to version 5.5 SP2 HF7 or later.
For Siemens SIMATIC STEP 7 version 5.5 SP3, update to a version with the fix applied.
For Siemens SIMATIC STEP 7 versions 5.5 SP4 prior to HF4, update to version 5.5 SP4 HF4 or later.
For Siemens SIMOTION Scout versions prior to 4.4, update to version 4.4 or later.
For Siemens STARTER versions prior to 4.4 HF3, update to version 4.4 HF3 or later.

Related Identifiers

CVE-2015-1594

Affected Products

Simatic Cfc
Simatic Prosave
Simatic Step 7
Simotion Scout
Starter