var-201610-0193
Vulnerability from variot
Siemens SIMATIC STEP 7 (TIA Portal) before 14 uses an improper format for managing TIA project files during version updates, which makes it easier for local users to obtain sensitive configuration information via unspecified vectors. Siemens SIMATIC is an automation software in a single engineering environment. An information disclosure vulnerability exists in Siemens SIMATIC STEP 7 V12 and V13. SIMATIC STEP 7 (TIA Portal) is prone to mutliple local information-disclosure vulnerabilities. Attackers can exploit these issues to obtain sensitive information that may aid in launching further attacks. All versions of SIMATIC STEP 7 (TIA Portal) v14 are affected. Siemens SIMATIC STEP 7 (TIA Portal) is a set of programming software for SIMATIC controllers from Siemens, Germany. The software provides PLC programming, design option packages, advanced drive technology and more
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201610-0193",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic step 7",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "13.010"
},
{
"model": "simatic step 7",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "(tia portal ) 14"
},
{
"model": "simatic step",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7\u003cv14"
},
{
"model": "simatic step 7",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "13.010"
},
{
"model": "simatic step tia portal",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7v13"
},
{
"model": "simatic step tia portal",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7v12"
},
{
"model": "simatic step tia portal",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "7v14"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic step 7",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "b3aaa1fa-b1ac-4a47-a480-7a1b017cadeb"
},
{
"db": "CNVD",
"id": "CNVD-2016-08769"
},
{
"db": "BID",
"id": "93551"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005413"
},
{
"db": "NVD",
"id": "CVE-2016-7960"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-424"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_step_7:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.010",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7960"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dmitry Sklyarov and Gleb Gritsai from Positive Technologies.",
"sources": [
{
"db": "BID",
"id": "93551"
}
],
"trust": 0.3
},
"cve": "CVE-2016-7960",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 1.9,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-7960",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 1.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 1.5,
"id": "CNVD-2016-08769",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:H/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 1.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 1.5,
"id": "b3aaa1fa-b1ac-4a47-a480-7a1b017cadeb",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.2,
"vectorString": "AV:L/AC:H/Au:S/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "VHN-96780",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.0,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.5,
"baseSeverity": "Low",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2016-7960",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-7960",
"trust": 1.8,
"value": "LOW"
},
{
"author": "CNVD",
"id": "CNVD-2016-08769",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201610-424",
"trust": 0.6,
"value": "LOW"
},
{
"author": "IVD",
"id": "b3aaa1fa-b1ac-4a47-a480-7a1b017cadeb",
"trust": 0.2,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-96780",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "b3aaa1fa-b1ac-4a47-a480-7a1b017cadeb"
},
{
"db": "CNVD",
"id": "CNVD-2016-08769"
},
{
"db": "VULHUB",
"id": "VHN-96780"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005413"
},
{
"db": "NVD",
"id": "CVE-2016-7960"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-424"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC STEP 7 (TIA Portal) before 14 uses an improper format for managing TIA project files during version updates, which makes it easier for local users to obtain sensitive configuration information via unspecified vectors. Siemens SIMATIC is an automation software in a single engineering environment. An information disclosure vulnerability exists in Siemens SIMATIC STEP 7 V12 and V13. SIMATIC STEP 7 (TIA Portal) is prone to mutliple local information-disclosure vulnerabilities. \nAttackers can exploit these issues to obtain sensitive information that may aid in launching further attacks. \nAll versions of SIMATIC STEP 7 (TIA Portal) v14 are affected. Siemens SIMATIC STEP 7 (TIA Portal) is a set of programming software for SIMATIC controllers from Siemens, Germany. The software provides PLC programming, design option packages, advanced drive technology and more",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7960"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005413"
},
{
"db": "CNVD",
"id": "CNVD-2016-08769"
},
{
"db": "BID",
"id": "93551"
},
{
"db": "IVD",
"id": "b3aaa1fa-b1ac-4a47-a480-7a1b017cadeb"
},
{
"db": "VULHUB",
"id": "VHN-96780"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-7960",
"trust": 3.6
},
{
"db": "SIEMENS",
"id": "SSA-869766",
"trust": 2.6
},
{
"db": "ICS CERT",
"id": "ICSA-16-287-03",
"trust": 2.2
},
{
"db": "BID",
"id": "93551",
"trust": 1.4
},
{
"db": "CNNVD",
"id": "CNNVD-201610-424",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2016-08769",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005413",
"trust": 0.8
},
{
"db": "IVD",
"id": "B3AAA1FA-B1AC-4A47-A480-7A1B017CADEB",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-96780",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "b3aaa1fa-b1ac-4a47-a480-7a1b017cadeb"
},
{
"db": "CNVD",
"id": "CNVD-2016-08769"
},
{
"db": "VULHUB",
"id": "VHN-96780"
},
{
"db": "BID",
"id": "93551"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005413"
},
{
"db": "NVD",
"id": "CVE-2016-7960"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-424"
}
]
},
"id": "VAR-201610-0193",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "b3aaa1fa-b1ac-4a47-a480-7a1b017cadeb"
},
{
"db": "CNVD",
"id": "CNVD-2016-08769"
},
{
"db": "VULHUB",
"id": "VHN-96780"
}
],
"trust": 1.6330827
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "b3aaa1fa-b1ac-4a47-a480-7a1b017cadeb"
},
{
"db": "CNVD",
"id": "CNVD-2016-08769"
}
]
},
"last_update_date": "2023-12-18T12:37:41.871000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-869766",
"trust": 0.8,
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-869766.pdf"
},
{
"title": "SIEMENS SIMATIC STEP 7 Patch for Information Disclosure Vulnerability (CNVD-2016-08769)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/82255"
},
{
"title": "Siemens SIMATIC STEP 7 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=64800"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-08769"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005413"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-424"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96780"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005413"
},
{
"db": "NVD",
"id": "CVE-2016-7960"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-869766.pdf"
},
{
"trust": 2.2,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-287-03"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/93551"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7960"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-7960"
},
{
"trust": 0.3,
"url": "http://subscriber.communications.siemens.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-08769"
},
{
"db": "VULHUB",
"id": "VHN-96780"
},
{
"db": "BID",
"id": "93551"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005413"
},
{
"db": "NVD",
"id": "CVE-2016-7960"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-424"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "b3aaa1fa-b1ac-4a47-a480-7a1b017cadeb"
},
{
"db": "CNVD",
"id": "CNVD-2016-08769"
},
{
"db": "VULHUB",
"id": "VHN-96780"
},
{
"db": "BID",
"id": "93551"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005413"
},
{
"db": "NVD",
"id": "CVE-2016-7960"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-424"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-13T00:00:00",
"db": "IVD",
"id": "b3aaa1fa-b1ac-4a47-a480-7a1b017cadeb"
},
{
"date": "2016-10-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-08769"
},
{
"date": "2016-10-13T00:00:00",
"db": "VULHUB",
"id": "VHN-96780"
},
{
"date": "2016-10-13T00:00:00",
"db": "BID",
"id": "93551"
},
{
"date": "2016-10-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005413"
},
{
"date": "2016-10-13T10:59:01.817000",
"db": "NVD",
"id": "CVE-2016-7960"
},
{
"date": "2016-10-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-424"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-08769"
},
{
"date": "2016-12-22T00:00:00",
"db": "VULHUB",
"id": "VHN-96780"
},
{
"date": "2016-10-26T02:07:00",
"db": "BID",
"id": "93551"
},
{
"date": "2016-10-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005413"
},
{
"date": "2016-12-22T23:25:04.540000",
"db": "NVD",
"id": "CVE-2016-7960"
},
{
"date": "2016-10-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-424"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "93551"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-424"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC STEP 7 Vulnerability in which important setting information is obtained",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005413"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-424"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.