CVE-2016-7960: Infoleak
First published: Thu Oct 13 2016(Updated: )
Siemens SIMATIC STEP 7 (TIA Portal) before 14 uses an improper format for managing TIA project files during version updates, which makes it easier for local users to obtain sensitive configuration information via unspecified vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SIMATIC STEP 7 | <=13.010 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-7960?
CVE-2016-7960 is considered a high severity vulnerability that can lead to exposure of sensitive configuration information.
How do I fix CVE-2016-7960?
To fix CVE-2016-7960, users should upgrade to Siemens SIMATIC STEP 7 version 14 or higher.
What are the potential impacts of CVE-2016-7960?
The potential impacts of CVE-2016-7960 include unauthorized access to sensitive configuration data by local users.
Which versions of Siemens SIMATIC STEP 7 are affected by CVE-2016-7960?
CVE-2016-7960 affects Siemens SIMATIC STEP 7 versions prior to 14, specifically up to 13.010.
Who is affected by CVE-2016-7960?
Local users of affected versions of Siemens SIMATIC STEP 7 prior to version 14 are at risk due to CVE-2016-7960.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/remedy
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/siemens
- canonical/simatic step 7
- version/simatic step 7/13.010