CVE-2016-8561

MEDIUM

SIMATIC CP 1543-1 - Privilege Escalation

Title source: llm

Description

A vulnerability has been identified in SIMATIC CP 1543-1 (All versions < V2.0.28), SIPLUS NET CP 1543-1 (All versions < V2.0.28). Users with elevated privileges to TIA-Portal and project data on the engineering station could possibly get privileged access on affected devices.

References (4)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/94436

[Patch, Vendor Advisory] http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf

[Vendor Advisory] https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf

[Various Sources] https://ics-cert.us-cert.gov/advisories/ICSA-16-327-01

Scores

CVSS v3 6.6

EPSS 0.0055

EPSS Percentile 67.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-264

Status published

Affected Products (2)

siemens/simatic_cp_1543-1_firmware

n/a/n/a

Timeline

Published Nov 18, 2016

Tracked Since Feb 18, 2026