CVE-2016-7960

low

Published 2016-10-13 · Modified 2026-05-06

CVSS v3

2.5

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v2

1.9

VIR risk

2.5

Description

Siemens SIMATIC STEP 7 (TIA Portal) before 14 uses an improper format for managing TIA project files during version updates, which makes it easier for local users to obtain sensitive configuration information via unspecified vectors.

Predictions

Exploit likelihood

27%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://ics-cert.us-cert.gov/advisories/ICSA-16-287-03

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-869766.pdf

Application impact

Vendor	Product	Versions	Fixed
siemens	simatic_step_7	`{"endIncluding":"13.010"}`

References

http://www.securityfocus.com/bid/93551
http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-869766.pdf
https://ics-cert.us-cert.gov/advisories/ICSA-16-287-03
http://www.securityfocus.com/bid/93551
http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-869766.pdf
https://ics-cert.us-cert.gov/advisories/ICSA-16-287-03

CWEs

CWE-200

Verify integrity in audit chain (admin only). AS-IS.