CVE-2016-8672: Infoleak
First published: Wed Nov 23 2016(Updated: )
A vulnerability has been identified in SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.0.53), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.2.17), SIMATIC S7-300 PN/DP CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP CPU family (incl. SIPLUS variants) (All versions). The integrated web server delivers cookies without the "secure" flag. Modern browsers interpreting the flag would mitigate potential data leakage in case of clear text transmission.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens Simatic Cp 343-1 Firmware | ||
| Siemens Simatic Cp 343-1 | ||
| Siemens Simatic S7 300 Cpu Firmware | ||
| Siemens Simatic S7 300 Cpu | ||
| Siemens Simatic S7 400 Cpu Firmware | ||
| Siemens Simatic S7 400 Cpu | ||
| Siemens Simatic Cp 443-1 Firmware | ||
| Siemens Simatic Cp 443-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/author
- agent/severity
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/siemens
- canonical/siemens simatic cp 343-1 firmware
- canonical/siemens simatic cp 343-1
- canonical/siemens simatic s7 300 cpu firmware
- canonical/siemens simatic s7 300 cpu
- canonical/siemens simatic s7 400 cpu firmware
- canonical/siemens simatic s7 400 cpu
- canonical/siemens simatic cp 443-1 firmware
- canonical/siemens simatic cp 443-1