Vulnerability Description
Siemens SIMATIC STEP 7 (TIA Portal) before 14 uses an improper format for managing TIA project files during version updates, which makes it easier for local users to obtain sensitive configuration information via unspecified vectors.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Simatic Step 7 | <= 13.010 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/93551Third Party AdvisoryVDB Entry
- http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-869766.pdfVendor Advisory
- https://ics-cert.us-cert.gov/advisories/ICSA-16-287-03MitigationPatchThird Party Advisory
- http://www.securityfocus.com/bid/93551Third Party AdvisoryVDB Entry
- http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-869766.pdfVendor Advisory
- https://ics-cert.us-cert.gov/advisories/ICSA-16-287-03MitigationPatchThird Party Advisory
FAQ
What is CVE-2016-7960?
CVE-2016-7960 is a vulnerability with a CVSS score of 2.5 (LOW). Siemens SIMATIC STEP 7 (TIA Portal) before 14 uses an improper format for managing TIA project files during version updates, which makes it easier for local users to obtain sensitive configuration inf...
How severe is CVE-2016-7960?
CVE-2016-7960 has been rated LOW with a CVSS base score of 2.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-7960?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens Simatic Step 7.