Vulnerabilities > CVE-2012-3015 - Unspecified vulnerability in Siemens Simatic Pcs7 and Simatic Step 7

CVSS 6.9 - MEDIUM

Attack vector

LOCAL

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

siemens

NVD

Published: 2012-07-26

Updated: 2012-07-30

Summary

Untrusted search path vulnerability in Siemens SIMATIC STEP7 before 5.5 SP1, as used in SIMATIC PCS7 7.1 SP3 and earlier and other products, allows local users to gain privileges via a Trojan horse DLL in a STEP7 project folder. Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'

Vulnerable Configurations

Part	Description	Count
Application	Siemens Siemens Simatic Pcs7 7.1 Siemens Simatic Step 7 5.5	6

References

http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-110665.pdf
http://www.us-cert.gov/control_systems/pdf/ICSA-12-205-02.pdf