CVE-2015-1601
medium
CVSS v3
—
CVSS v2
6.8
VIR risk
6.8
Description
Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 allows man-in-the-middle attackers to obtain sensitive information or modify transmitted data via unspecified vectors.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cve@mitre.org — http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-315836.pdf
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| siemens | simatic_step_7 | {"endIncluding":"13"} | |
| siemens | simatic_step_7 | 12 | |
| siemens | simatic_step_7 | 13 | |
References
- http://www.securityfocus.com/bid/72691
- http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-315836.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-487246.pdf
- http://www.securityfocus.com/bid/72691
- http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-315836.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-487246.pdf
CWEs
CWE-254
Verify integrity in audit chain (admin only). AS-IS.