Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-1356

Overview

Vulnerability Score 4.4 4.4
CVE Id CVE-2015-1356
Last Modified 18 Feb 2015 01:37:01
Published 17 Feb 2015 09:59:06
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2015-1356

Summary

Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 determines a user's privileges on the basis of project-file fields that lack integrity protection, which allows remote attackers to establish arbitrary authorization data via a modified file.

Vulnerable Systems

Application

  • Siemens Simatic Step 7 13.0


References

CONFIRM - http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-234789.pdf


Last Updated: 27 May 2016 11:07:52