#VU995 Information disclosure in SIMATIC STEP 7 - CVE-2016-7960


Vulnerability identifier: #VU995

Vulnerability risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2016-7960

CWE-ID: CWE-310

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
SIMATIC STEP 7
Server applications / SCADA systems

Vendor: Siemens

Description
The vulnerability allows a local user to obtain potentially sensitive configuration settings on the target system.
The weakness is due to cryptographic issues that let an attacker bypass the protection of the transport format of TIA Portal project files and view important files.
Successful exploitation of the vulnerability results in disclosure of potentially sensitive data on the vulnerable system.

Mitigation
Update to version 14.

Vulnerable software versions

SIMATIC STEP 7: 1.0 - 13


External links
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-869766.pdf


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

