Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-7165

A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC IT Production Suite (All versions < V7.0 SP1 HFX 2), SIMATIC NET PC-Software (All versions < V14), SIMATIC PCS 7 V7.1 (All versions), SIMATIC PCS 7 V8.0 (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2), SIMATIC STEP 7 V5.X (All versions < V5.5 SP4 HF11), SIMATIC WinCC (TIA Portal) Basic, Comfort, Advanced (All versions < V14), SIMATIC WinCC (TIA Portal) Professional V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) Professional V14 (All versions < V14 SP1), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1), SIMATIC WinCC V7.0 SP2 and earlier versions (All versions < V7.0 SP2 Upd 12), SIMATIC WinCC V7.0 SP3 (All versions < V7.0 SP3 Upd 8), SIMATIC WinCC V7.2 (All versions < V7.2 Upd 14), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 11), SIMATIC WinCC V7.4 (All versions < V7.4 SP1), SIMIT V9.0 (All versions < V9.0 SP1), SINEMA Remote Connect Client (All versions < V1.0 SP3), SINEMA Server (All versions < V13 SP2), SOFTNET Security Client V5.0 (All versions), Security Configuration Tool (SCT) (All versions < V4.3 HF1), TeleControl Server Basic (All versions < V3.0 SP2), WinAC RTX 2010 SP2 (All versions), WinAC RTX F 2010 SP2 (All versions). Unquoted service paths could allow local Microsoft Windows operating system users to escalate their privileges if the affected products are not installed under their default path ("C:\Program Files\*" or the localized equivalent).

Security Impact Summary

This vulnerability carries a MEDIUM severity rating with a CVSS v3.1 score of 6.4, requiring local system access to exploit but requires specific conditions to be met without requiring user interaction . The vulnerability impacts confidentiality (data exposure), integrity (unauthorized modifications), and availability (service disruption) for affected systems. Impacting 18 products from siemens, from siemens, from siemens and 15 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

First disclosed in 2016, this vulnerability was reported during a period defined by widespread IoT adoption challenges, mobile security concerns, and the emergence of advanced persistent threat (APT) techniques. Contemporary mitigation strategies focused on secure development practices and third-party component vetting.

Published

2016-11-15T19:30:02.797

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 6.4 (MEDIUM)

CVSSv2 Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.4

Impact Score

10.0

Weaknesses

Type: Primary
CWE-254
CWE-284

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	siemens	primary_setup_tool	-	Yes
Application	siemens	security_configuration_tool	-	Yes
Application	siemens	simatic_it_production_suite	-	Yes
Application	siemens	simatic_net_pc_software	≤ 14.0	Yes
Application	siemens	simatic_pcs_7	≤ 7.1	Yes
Application	siemens	simatic_pcs7	8.0	Yes
Application	siemens	simatic_pcs7	8.1	Yes
Application	siemens	simatic_pcs7	8.2	Yes
Application	siemens	simatic_step_7	≤ 5.5	Yes
Application	siemens	simatic_step_7_\(tia_portal\)	≤ 14.0	Yes
Application	siemens	simatic_winac_rtx_2010	-	Yes
Application	siemens	simatic_winac_rtx_f_2010	-	Yes
Application	siemens	simatic_wincc	≤ 7.0	Yes
Application	siemens	simatic_wincc	7.0	Yes
Application	siemens	simatic_wincc	7.2	Yes
Application	siemens	simatic_wincc	7.3	Yes
Application	siemens	simatic_wincc	7.4	Yes
Application	siemens	simatic_wincc_\(tia_portal\)	≤ 14.0	Yes
Application	siemens	simatic_wincc_\(tia_portal\)	≤ 14.0	Yes
Application	siemens	simatic_wincc_\(tia_portal\)	≤ 14.0	Yes
Application	siemens	simatic_wincc_\(tia_portal\)	-	Yes
Application	siemens	simatic_wincc_runtime	-	Yes
Application	siemens	simit	9.0	Yes
Application	siemens	sinema_remote_connect	-	Yes
Application	siemens	sinema_server	≤ 13.0	Yes
Application	siemens	softnet_security_client	≤ 5.0	Yes
Application	siemens	telecontrol_basic	≤ 3.0	Yes

References

http://securityaffairs.co/wordpress/53266/security/cve-2016-7165-siemens.html Third Party Advisory ([email protected])
http://www.securityfocus.com/bid/94158 Third Party Advisory, VDB Entry ([email protected])
https://cert-portal.siemens.com/productcert/pdf/ssa-701708.pdf ([email protected])
https://ics-cert.us-cert.gov/advisories/ICSA-16-313-02 Third Party Advisory, US Government Resource ([email protected])
http://securityaffairs.co/wordpress/53266/security/cve-2016-7165-siemens.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/94158 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://cert-portal.siemens.com/productcert/pdf/ssa-701708.pdf (af854a3a-2127-422b-91ae-364da2661108)
https://ics-cert.us-cert.gov/advisories/ICSA-16-313-02 Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For siemens's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.