Siemens SIMATIC STEP 7 (TIA Portal) before 14 uses an improper format for managing TIA project files during version updates, which makes it easier for local users to obtain sensitive configuration information via unspecified vectors.
References
Link | Resource |
---|---|
http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-869766.pdf | Vendor Advisory |
http://www.securityfocus.com/bid/93551 | Third Party Advisory VDB Entry |
https://ics-cert.us-cert.gov/advisories/ICSA-16-287-03 | Mitigation Patch Third Party Advisory US Government Resource VDB Entry |
Configurations
Information
Published : 2016-10-13 03:59
Updated : 2016-12-22 15:25
NVD link : CVE-2016-7960
Mitre link : CVE-2016-7960
JSON object : View
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Products Affected
siemens
- simatic_step_7