CVE-2012-3015
EXPLOITEDSiemens SIMATIC STEP7 <5.5 SP1 - Privilege Escalation
Title source: llmExploitation Summary
CVE-2012-3015 has been observed exploited in the wild (reported by VulnCheck KEV).
Description
Untrusted search path vulnerability in Siemens SIMATIC STEP7 before 5.5 SP1, as used in SIMATIC PCS7 7.1 SP3 and earlier and other products, allows local users to gain privileges via a Trojan horse DLL in a STEP7 project folder.
References (2)
Core 2
Core References
US Government Resource x_refsource_misc
http://www.us-cert.gov/control_systems/pdf/ICSA-12-205-02.pdf
Vendor Advisory x_refsource_confirm
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-110665.pdf
Scores
EPSS
0.0006
EPSS Percentile
18.3%
Details
VulnCheck KEV
2021-12-15
Status
published
Products (2)
siemens/simatic_pcs7
< 7.1
siemens/simatic_step_7
< 5.5
Published
Jul 26, 2012
Tracked Since
Feb 18, 2026