CVE-2016-8672
MEDIUMSIMATIC CP 343-1 Advanced, SIMATIC CP 443-1 Advanced, SIMATIC S7-30...
Title source: llmDescription
A vulnerability has been identified in SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.0.53), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.2.17), SIMATIC S7-300 PN/DP CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP CPU family (incl. SIPLUS variants) (All versions). The integrated web server delivers cookies without the "secure" flag. Modern browsers interpreting the flag would mitigate potential data leakage in case of clear text transmission.
Scores
CVSS v3
5.3
EPSS
0.0023
EPSS Percentile
45.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Classification
CWE
CWE-200
Status
published
Affected Products (5)
siemens/simatic_cp_343-1_firmware
siemens/simatic_s7_300_cpu_firmware
siemens/simatic_s7_400_cpu_firmware
siemens/simatic_cp_443-1_firmware
n/a/n/a
Timeline
Published
Nov 23, 2016
Tracked Since
Feb 18, 2026