Lucene search

[email protected]NVD:CVE-2016-7960

HistoryOct 13, 2016 - 10:59 a.m.

CVE-2016-7960

2016-10-1310:59:01

CWE-200

[email protected]

web.nvd.nist.gov

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

CVSS3

2.5

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

3.6

Confidence

High

EPSS

Percentile

5.3%

JSON

Siemens SIMATIC STEP 7 (TIA Portal) before 14 uses an improper format for managing TIA project files during version updates, which makes it easier for local users to obtain sensitive configuration information via unspecified vectors.

Affected configurations

Nvd

Node

siemenssimatic_step_7Range≤13.010

VendorProductVersionCPE
siemenssimatic_step_7*cpe:2.3:a:siemens:simatic_step_7:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	simatic_step_7	*	cpe:2.3:a:siemens:simatic_step_7::::::::

References

www.securityfocus.com/bid/93551

www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-869766.pdf

ics-cert.us-cert.gov/advisories/ICSA-16-287-03

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

CVSS3

2.5

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

3.6

Confidence

High

EPSS

Percentile

5.3%

JSON

Related for NVD:CVE-2016-7960

ptsecurity1 prion1 cvelist1 cve1 ics1