Vulnerability Description
Untrusted search path vulnerability in Siemens SIMATIC STEP7 before 5.5 SP1, as used in SIMATIC PCS7 7.1 SP3 and earlier and other products, allows local users to gain privileges via a Trojan horse DLL in a STEP7 project folder.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Simatic Pcs7 | <= 7.1 |
| Siemens | Simatic Step 7 | <= 5.5 |
References
- http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_secVendor Advisory
- http://www.us-cert.gov/control_systems/pdf/ICSA-12-205-02.pdfUS Government Resource
- http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_secVendor Advisory
- http://www.us-cert.gov/control_systems/pdf/ICSA-12-205-02.pdfUS Government Resource
FAQ
What is CVE-2012-3015?
CVE-2012-3015 is a vulnerability with a CVSS score of 6.9 (MEDIUM). Untrusted search path vulnerability in Siemens SIMATIC STEP7 before 5.5 SP1, as used in SIMATIC PCS7 7.1 SP3 and earlier and other products, allows local users to gain privileges via a Trojan horse DL...
How severe is CVE-2012-3015?
CVE-2012-3015 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-3015?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens Simatic Pcs7, Siemens Simatic Step 7.