Lucene search

[email protected]NVD:CVE-2012-3015

HistoryJul 26, 2012 - 10:41 a.m.

CVE-2012-3015

2012-07-2610:41:47

[email protected]

web.nvd.nist.gov

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.5

Confidence

Low

EPSS

0.001

Percentile

32.6%

JSON

Untrusted search path vulnerability in Siemens SIMATIC STEP7 before 5.5 SP1, as used in SIMATIC PCS7 7.1 SP3 and earlier and other products, allows local users to gain privileges via a Trojan horse DLL in a STEP7 project folder.

Affected configurations

Nvd

Node

siemenssimatic_pcs7Range≤7.1sp3

siemenssimatic_step_7Range≤5.5

VendorProductVersionCPE
siemenssimatic_pcs7*cpe:2.3:a:siemens:simatic_pcs7:*:sp3:*:*:*:*:*:*
siemenssimatic_step_7*cpe:2.3:a:siemens:simatic_step_7:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	simatic_pcs7	*	cpe:2.3:a:siemens:simatic_pcs7::sp3::::::*
siemens	simatic_step_7	*	cpe:2.3:a:siemens:simatic_step_7::::::::

References

www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-110665.pdf

www.us-cert.gov/control_systems/pdf/ICSA-12-205-02.pdf

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.5

Confidence

Low

EPSS

0.001

Percentile

32.6%

JSON

Related for NVD:CVE-2012-3015

prion1 cve1 ics1 cvelist1