VAR-201610-0193
Vulnerability from variot - Updated: 2023-12-18 12:37Siemens SIMATIC STEP 7 (TIA Portal) before 14 uses an improper format for managing TIA project files during version updates, which makes it easier for local users to obtain sensitive configuration information via unspecified vectors. Siemens SIMATIC is an automation software in a single engineering environment. An information disclosure vulnerability exists in Siemens SIMATIC STEP 7 V12 and V13. SIMATIC STEP 7 (TIA Portal) is prone to mutliple local information-disclosure vulnerabilities. Attackers can exploit these issues to obtain sensitive information that may aid in launching further attacks. All versions of SIMATIC STEP 7 (TIA Portal) v14 are affected. Siemens SIMATIC STEP 7 (TIA Portal) is a set of programming software for SIMATIC controllers from Siemens, Germany. The software provides PLC programming, design option packages, advanced drive technology and more
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201610-0193",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic step 7",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "13.010"
},
{
"model": "simatic step 7",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "(tia portal ) 14"
},
{
"model": "simatic step",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7\u003cv14"
},
{
"model": "simatic step 7",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "13.010"
},
{
"model": "simatic step tia portal",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7v13"
},
{
"model": "simatic step tia portal",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7v12"
},
{
"model": "simatic step tia portal",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "7v14"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic step 7",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "b3aaa1fa-b1ac-4a47-a480-7a1b017cadeb"
},
{
"db": "CNVD",
"id": "CNVD-2016-08769"
},
{
"db": "BID",
"id": "93551"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005413"
},
{
"db": "NVD",
"id": "CVE-2016-7960"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-424"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_step_7:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.010",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7960"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dmitry Sklyarov and Gleb Gritsai from Positive Technologies.",
"sources": [
{
"db": "BID",
"id": "93551"
}
],
"trust": 0.3
},
"cve": "CVE-2016-7960",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 1.9,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-7960",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 1.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 1.5,
"id": "CNVD-2016-08769",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:H/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 1.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 1.5,
"id": "b3aaa1fa-b1ac-4a47-a480-7a1b017cadeb",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.2,
"vectorString": "AV:L/AC:H/Au:S/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "VHN-96780",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.0,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.5,
"baseSeverity": "Low",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2016-7960",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-7960",
"trust": 1.8,
"value": "LOW"
},
{
"author": "CNVD",
"id": "CNVD-2016-08769",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201610-424",
"trust": 0.6,
"value": "LOW"
},
{
"author": "IVD",
"id": "b3aaa1fa-b1ac-4a47-a480-7a1b017cadeb",
"trust": 0.2,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-96780",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "b3aaa1fa-b1ac-4a47-a480-7a1b017cadeb"
},
{
"db": "CNVD",
"id": "CNVD-2016-08769"
},
{
"db": "VULHUB",
"id": "VHN-96780"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005413"
},
{
"db": "NVD",
"id": "CVE-2016-7960"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-424"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC STEP 7 (TIA Portal) before 14 uses an improper format for managing TIA project files during version updates, which makes it easier for local users to obtain sensitive configuration information via unspecified vectors. Siemens SIMATIC is an automation software in a single engineering environment. An information disclosure vulnerability exists in Siemens SIMATIC STEP 7 V12 and V13. SIMATIC STEP 7 (TIA Portal) is prone to mutliple local information-disclosure vulnerabilities. \nAttackers can exploit these issues to obtain sensitive information that may aid in launching further attacks. \nAll versions of SIMATIC STEP 7 (TIA Portal) v14 are affected. Siemens SIMATIC STEP 7 (TIA Portal) is a set of programming software for SIMATIC controllers from Siemens, Germany. The software provides PLC programming, design option packages, advanced drive technology and more",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7960"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005413"
},
{
"db": "CNVD",
"id": "CNVD-2016-08769"
},
{
"db": "BID",
"id": "93551"
},
{
"db": "IVD",
"id": "b3aaa1fa-b1ac-4a47-a480-7a1b017cadeb"
},
{
"db": "VULHUB",
"id": "VHN-96780"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-7960",
"trust": 3.6
},
{
"db": "SIEMENS",
"id": "SSA-869766",
"trust": 2.6
},
{
"db": "ICS CERT",
"id": "ICSA-16-287-03",
"trust": 2.2
},
{
"db": "BID",
"id": "93551",
"trust": 1.4
},
{
"db": "CNNVD",
"id": "CNNVD-201610-424",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2016-08769",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005413",
"trust": 0.8
},
{
"db": "IVD",
"id": "B3AAA1FA-B1AC-4A47-A480-7A1B017CADEB",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-96780",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "b3aaa1fa-b1ac-4a47-a480-7a1b017cadeb"
},
{
"db": "CNVD",
"id": "CNVD-2016-08769"
},
{
"db": "VULHUB",
"id": "VHN-96780"
},
{
"db": "BID",
"id": "93551"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005413"
},
{
"db": "NVD",
"id": "CVE-2016-7960"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-424"
}
]
},
"id": "VAR-201610-0193",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "b3aaa1fa-b1ac-4a47-a480-7a1b017cadeb"
},
{
"db": "CNVD",
"id": "CNVD-2016-08769"
},
{
"db": "VULHUB",
"id": "VHN-96780"
}
],
"trust": 1.6330827
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "b3aaa1fa-b1ac-4a47-a480-7a1b017cadeb"
},
{
"db": "CNVD",
"id": "CNVD-2016-08769"
}
]
},
"last_update_date": "2023-12-18T12:37:41.871000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-869766",
"trust": 0.8,
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-869766.pdf"
},
{
"title": "SIEMENS SIMATIC STEP 7 Patch for Information Disclosure Vulnerability (CNVD-2016-08769)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/82255"
},
{
"title": "Siemens SIMATIC STEP 7 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=64800"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-08769"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005413"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-424"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96780"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005413"
},
{
"db": "NVD",
"id": "CVE-2016-7960"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-869766.pdf"
},
{
"trust": 2.2,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-287-03"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/93551"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7960"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-7960"
},
{
"trust": 0.3,
"url": "http://subscriber.communications.siemens.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-08769"
},
{
"db": "VULHUB",
"id": "VHN-96780"
},
{
"db": "BID",
"id": "93551"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005413"
},
{
"db": "NVD",
"id": "CVE-2016-7960"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-424"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "b3aaa1fa-b1ac-4a47-a480-7a1b017cadeb"
},
{
"db": "CNVD",
"id": "CNVD-2016-08769"
},
{
"db": "VULHUB",
"id": "VHN-96780"
},
{
"db": "BID",
"id": "93551"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005413"
},
{
"db": "NVD",
"id": "CVE-2016-7960"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-424"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-13T00:00:00",
"db": "IVD",
"id": "b3aaa1fa-b1ac-4a47-a480-7a1b017cadeb"
},
{
"date": "2016-10-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-08769"
},
{
"date": "2016-10-13T00:00:00",
"db": "VULHUB",
"id": "VHN-96780"
},
{
"date": "2016-10-13T00:00:00",
"db": "BID",
"id": "93551"
},
{
"date": "2016-10-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005413"
},
{
"date": "2016-10-13T10:59:01.817000",
"db": "NVD",
"id": "CVE-2016-7960"
},
{
"date": "2016-10-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-424"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-08769"
},
{
"date": "2016-12-22T00:00:00",
"db": "VULHUB",
"id": "VHN-96780"
},
{
"date": "2016-10-26T02:07:00",
"db": "BID",
"id": "93551"
},
{
"date": "2016-10-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005413"
},
{
"date": "2016-12-22T23:25:04.540000",
"db": "NVD",
"id": "CVE-2016-7960"
},
{
"date": "2016-10-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-424"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "93551"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-424"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC STEP 7 Vulnerability in which important setting information is obtained",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005413"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-424"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…