CVE-2016-8672 Information

Description

A vulnerability has been identified in SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.0.53), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.2.17), SIMATIC S7-300 PN/DP CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP CPU family (incl. SIPLUS variants) (All versions). The integrated web server delivers cookies without the "secure" flag. Modern browsers interpreting the flag would mitigate potential data leakage in case of clear text transmission.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Reference

https://cert-portal.siemens.com/productcert/pdf/ssa-603476.pdf

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

Base Score

5.3

Base Severity

MEDIUM
