Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-1594

Overview

Vulnerability Score 6.9 6.9
CVE Id CVE-2015-1594
Last Modified 17 Apr 2015 10:00:11
Published 06 Mar 2015 09:59:03
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2015-1594

Summary

Untrusted search path vulnerability in Siemens SIMATIC ProSave before 13 SP1; SIMATIC CFC before 8.0 SP4 Upd9 and 8.1 before Upd1; SIMATIC STEP 7 before 5.5 SP1 HF2, 5.5 SP2 before HF7, 5.5 SP3, and 5.5 SP4 before HF4; SIMOTION Scout before 4.4; and STARTER before 4.4 HF3 allows local users to gain privileges via a Trojan horse application file.

Vulnerable Systems

Application

  • Siemens Simatic Cfc 8.0

  • Siemens Simatic Cfc 8.1

  • Siemens Simatic Prosave 13.0

  • Siemens Simatic Step 7 5.5

  • Siemens Simotion Scout 4.3

  • Siemens Starter 4.4


References

CONFIRM - http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-451236.pdf

SECTRACK - 1032039


Last Updated: 27 May 2016 11:07:58