Vulnerability Description
Siemens SIMATIC STEP 7 (TIA Portal) before 14 improperly stores pre-shared key data in TIA project files, which makes it easier for local users to obtain sensitive information by leveraging access to a file and conducting a brute-force attack.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Simatic Step 7 | <= 13.010 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/93551Third Party AdvisoryVDB Entry
- http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-869766.pdfVendor Advisory
- https://ics-cert.us-cert.gov/advisories/ICSA-16-287-03
- http://www.securityfocus.com/bid/93551Third Party AdvisoryVDB Entry
- http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-869766.pdfVendor Advisory
- https://ics-cert.us-cert.gov/advisories/ICSA-16-287-03
FAQ
What is CVE-2016-7959?
CVE-2016-7959 is a vulnerability with a CVSS score of 4.7 (MEDIUM). Siemens SIMATIC STEP 7 (TIA Portal) before 14 improperly stores pre-shared key data in TIA project files, which makes it easier for local users to obtain sensitive information by leveraging access to ...
How severe is CVE-2016-7959?
CVE-2016-7959 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-7959?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens Simatic Step 7.