Lucene search
HistoryFeb 18, 2015 - 2:59 a.m.
CVE-2015-1356
siemens
simatic step 7
tia portal
cve-2015-1356
nvd
remote attack
authorization data
integrity protection
6.9 Medium
AI Score
Confidence
Low
4.4 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
0.005 Low
EPSS
Percentile
75.7%
Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 determines a user’s privileges on the basis of project-file fields that lack integrity protection, which allows remote attackers to establish arbitrary authorization data via a modified file.
Affected configurations
Node
siemenssimatic_step_7Range≤13.0
| CPE | Name | Operator | Version |
|---|---|---|---|
| siemens:simatic_step_7 | siemens simatic step 7 | le | 13.0 |
Related
ptsecurity
ptsecurity
PT-2015-10: Privilege Gaining in Siemens SIMATIC STEP 7 (TIA Portal)
2012-09-21 00:00:00
nvd
nvd
CVE-2015-1356
2015-02-18 02:59:06
cvelist
cvelist
CVE-2015-1356
2015-02-18 02:00:00
prion
prion
Authorization
2015-02-18 02:59:00
ics
ics
Siemens SIMATIC STEP 7 TIA Portal Vulnerabilities
2018-08-29 12:00:00
6.9 Medium
AI Score
Confidence
Low
4.4 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
0.005 Low
EPSS
Percentile
75.7%
Related for CVE-2015-1356