Information disclosure in SIMATIC STEP 7 - CVE-2016-7959
Published: October 13, 2016 / Updated: October 14, 2016
Vulnerability identifier: #VU994
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2016-7959
CWE-ID: CWE-326
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Siemens
Affected software:
SIMATIC STEP 7
Detailed vulnerability description
The vulnerability allows a local user with read access to TIA project files to obtain potentially sensitive information on the target system.
The weakness is due to inadequate encryption strength, which lets an attacker perform a brute-force attack and view important files.
Successful exploitation of the vulnerability results in disclosure of potentially sensitive data on the vulnerable system.
How to mitigate CVE-2016-7959
Update to version 14.