PT-2016-7550 · Siemens · Simatic Cp 443-1 Advanced+3

Published: 2016-11-23 · Updated: 2019-12-12 · CVE-2016-8673

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variant) versions prior to V3.0.53
SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variant) versions prior to V3.2.17
SIMATIC S7-300 PN/DP CPU family (incl. SIPLUS variants) (affected versions not specified)
SIMATIC S7-400 PN/DP CPU family (incl. SIPLUS variants) (affected versions not specified)

Description

A vulnerability has been identified that could allow remote attackers to perform actions with the permissions of an authenticated user. This is possible if the targeted user has an active session and is induced to trigger the malicious request, exploiting the integrated web server at port 80/TCP or port 443/TCP of the affected devices.

Recommendations

For SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variant) versions prior to V3.0.53, update to version V3.0.53 or later.
For SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variant) versions prior to V3.2.17, update to version V3.2.17 or later.
For SIMATIC S7-300 PN/DP CPU family (incl. SIPLUS variants) and SIMATIC S7-400 PN/DP CPU family (incl. SIPLUS variants), at the moment, there is no information about a newer version that contains a fix for this vulnerability.

CSRF

Weakness Enumeration

Related Identifiers

CVE-2016-8673

Affected Products

Simatic Cp 343-1 Advanced
Simatic Cp 443-1 Advanced
Simatic S7-300 Pn/Dp Cpu
Simatic S7-400 Pn Cpu