CVE-2016-7165 Information
Description
A vulnerability has been identified in the following products:
- Primary Setup Tool (PST) (All versions V4.2 HF1)
- SIMATIC IT Production Suite (All versions V7.0 SP1 HFX 2)
- SIMATIC NET PC-Software (All versions V14)
- SIMATIC PCS 7 V7.1 (All versions)
- SIMATIC PCS 7 V8.0 (All versions)
- SIMATIC PCS 7 V8.1 (All versions)
- SIMATIC PCS 7 V8.2 (All versions V8.2 SP1)
- SIMATIC STEP 7 (TIA Portal) V13 (All versions V13 SP2)
- SIMATIC STEP 7 V5.X (All versions V5.5 SP4 HF11)
- SIMATIC WinCC (TIA Portal) Basic Comfort Advanced (All versions V14)
- SIMATIC WinCC (TIA Portal) Professional V13 (All versions V13 SP2)
- SIMATIC WinCC (TIA Portal) Professional V14 (All versions V14 SP1)
- SIMATIC WinCC Runtime Professional V13 (All versions V13 SP2)
- SIMATIC WinCC Runtime Professional V14 (All versions V14 SP1)
- SIMATIC WinCC V7.0 SP2 and earlier versions (All versions V7.0 SP2 Upd 12)
- SIMATIC WinCC V7.0 SP3 (All versions V7.0 SP3 Upd 8)
- SIMATIC WinCC V7.2 (All versions V7.2 Upd 14)
- SIMATIC WinCC V7.3 (All versions V7.3 Upd 11)
- SIMATIC WinCC V7.4 (All versions V7.4 SP1)
- SIMIT V9.0 (All versions V9.0 SP1)
- SINEMA Remote Connect Client (All versions V1.0 SP3)
- SINEMA Server (All versions V13 SP2)
- SOFTNET Security Client V5.0 (All versions)
- Security Configuration Tool (SCT) (All versions V4.3 HF1)
- TeleControl Server Basic (All versions V3.0 SP2)
- WinAC RTX 2010 SP2 (All versions)
- WinAC RTX F 2010 SP2 (All versions)

Unquoted service paths could allow local Microsoft Windows operating system users to escalate their privileges if the affected products are not installed under their default path (\C:\Program Files\*\ or the localized equivalent).
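An audit check for the condition described above, added here as an example and not taken from the advisory or from Siemens: it classifies Windows service `ImagePath` values and reports the ones that are unquoted, contain spaces, and sit outside the default install root. The service names, sample paths, the `Program Files (x86)` root and the function names are assumptions; quoting the path is the usual correction for this class of issue, not a procedure quoted from the vendor.

```python
import re

# Default install roots. "Program Files (x86)" and any localized equivalent
# are assumptions; pass your own tuple for localized systems.
DEFAULT_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\")

# Constructed sample data. On a real host these values are read from
# HKLM\SYSTEM\CurrentControlSet\Services\<name>\ImagePath.
SAMPLE_SERVICES = {
    "DemoSvcDefault": r"C:\Program Files\Vendor\Tool\svc.exe -run",
    "DemoSvcQuoted": r'"D:\Plant Apps\Vendor Tool\svc.exe" -run',
    "DemoSvcCustom": r"D:\Plant Apps\Vendor Tool\svc.exe -run",
    "DemoSvcNoSpace": r"D:\Apps\Vendor\svc.exe",
    "DemoSvcEnv": r"%SystemRoot%\System32\svchost.exe -k netsvcs",
}

# Executable part of an unquoted command line: everything up to the first ".exe".
EXE_RE = re.compile(r"^(.+?\.exe)(?=\s|$)", re.IGNORECASE)

def classify(image_path, default_roots=DEFAULT_ROOTS):
    """Return quoted, no-space, unquoted-default-root or unquoted-custom-root."""
    cmd = image_path.strip()
    if cmd.startswith('"'):
        return "quoted"
    m = EXE_RE.match(cmd)
    exe = m.group(1) if m else cmd
    if " " not in exe:
        return "no-space"
    if exe.lower().startswith(default_roots):
        return "unquoted-default-root"   # still worth quoting
    return "unquoted-custom-root"        # the case the advisory describes

def quoted_form(image_path):
    """Return the command line with the executable path wrapped in quotes."""
    cmd = image_path.strip()
    m = EXE_RE.match(cmd)
    if cmd.startswith('"') or not m:
        return cmd
    return '"%s"%s' % (m.group(1), cmd[m.end():])

def audit(services):
    """Map service name -> (finding, corrected ImagePath) for unquoted paths with spaces."""
    report = {}
    for name, path in services.items():
        finding = classify(path)
        if finding.startswith("unquoted"):
            report[name] = (finding, quoted_form(path))
    return report

if __name__ == "__main__":
    for name, (finding, fixed) in audit(SAMPLE_SERVICES).items():
        print(name, finding, fixed, sep=" | ")
```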
CVSS Vector
CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Reference
http://securityaffairs.co/wordpress/53266/security/cve-2016-7165-siemens.html
http://www.securityfocus.com/bid/94158
https://cert-portal.siemens.com/productcert/pdf/ssa-701708.pdf
https://ics-cert.us-cert.gov/advisories/ICSA-16-313-02
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
6.4
Base Severity
HIGH