Vulnerabilities > CVE-2015-1601 - 7PK - Security Features vulnerability in Siemens Simatic Step 7 12/13/5.5

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

siemens

CWE-254

NVD

Published: 2015-04-06

Updated: 2016-11-28

Summary

Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 allows man-in-the-middle attackers to obtain sensitive information or modify transmitted data via unspecified vectors.

Vulnerable Configurations

Part	Description	Count
Application	Siemens Siemens Simatic Step 7 12 Siemens Simatic Step 7 13 Siemens Simatic Step 7 5.5	3

Common Weakness Enumeration (CWE)

CWE-254 - 7PK - Security Features

References

http://www.securityfocus.com/bid/72691
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-315836.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-487246.pdf