SB2016080804 - Permissions, Privileges, and Access Controls in Siemens SINEMA Server

Description

This security bulletin contains information about 1 security vulnerability.

1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2016-6486)

The vulnerability allows a local authenticated user to execute arbitrary code.

Siemens SINEMA Server uses weak permissions for the application folder, which allows local users to gain privileges via unspecified vectors.

Remediation

Install update from vendor's website.

References

• http://www.securityfocus.com/bid/92254
• http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-321174.pdf
• http://www.zerodayinitiative.com/advisories/ZDI-16-478
• https://ics-cert.us-cert.gov/advisories/ICSA-16-215-02