Description
Untrusted search path vulnerability in Siemens SIMATIC ProSave before 13 SP1; SIMATIC CFC before 8.0 SP4 Upd9 and 8.1 before Upd1; SIMATIC STEP 7 before 5.5 SP1 HF2, 5.5 SP2 before HF7, 5.5 SP3, and 5.5 SP4 before HF4; SIMOTION Scout before 4.4; and STARTER before 4.4 HF3 allows local users to gain privileges via a Trojan horse application file.
References (2)
Core References
Vendor Advisory (x_refsource_confirm): http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-451236.pdf
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_sectrack): http://www.securitytracker.com/id/1032039
Scores
EPSS: 0.0008
EPSS Percentile: 22.5%
Details
Status: published
Products (7)
siemens/simatic_cfc: 8.1
siemens/simatic_cfc: < 8.0
siemens/simatic_prosave: 13.0
siemens/simatic_step_7: 5.5 sp2 (3 CPE variants)
siemens/simatic_step_7: < 5.5
siemens/simotion_scout: < 4.3
siemens/starter: < 4.4
Published: Mar 07, 2015
Tracked Since: Feb 18, 2026