CVE-2016-8672


A vulnerability has been identified in SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.0.53), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.2.17), SIMATIC S7-300 PN/DP CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP CPU family (incl. SIPLUS variants) (All versions). The integrated web server delivers cookies without the "secure" flag. Modern browsers interpreting the flag would mitigate potential data leakage in case of clear text transmission.


Published

2016-11-23T11:59:00.153

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 5.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

  • Type: Primary
    CWE-200

Affected Vendors & Products

Type | Vendor | Product | Version/Range | Vulnerable?
Operating System | siemens | simatic_cp_343-1_firmware | - | Yes
Hardware | siemens | simatic_cp_343-1 | - | No
Operating System | siemens | simatic_s7_300_cpu_firmware | - | Yes
Hardware | siemens | simatic_s7_300_cpu | - | No
Operating System | siemens | simatic_s7_400_cpu_firmware | - | Yes
Hardware | siemens | simatic_s7_400_cpu | - | No
Operating System | siemens | simatic_cp_443-1_firmware | - | Yes
Hardware | siemens | simatic_cp_443-1 | - | No