CVE-2016-7960
LOWSIMATIC STEP 7 < 13.010 - Exposure of Sensitive Configuration Information via TIA Project File
Title source: llmDescription
Siemens SIMATIC STEP 7 (TIA Portal) before 14 uses an improper format for managing TIA project files during version updates, which makes it easier for local users to obtain sensitive configuration information via unspecified vectors.
References (3)
Core 3
Core References
Mitigation, Patch, Third Party Advisory, US Government Resource, VDB Entry x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-16-287-03
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/93551
Vendor Advisory x_refsource_confirm
http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-869766.pdf
Scores
CVSS v3
2.5
EPSS
0.0009
EPSS Percentile
24.9%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
siemens/simatic_step_7
< 13.010
Published
Oct 13, 2016
Tracked Since
Feb 18, 2026