CVE-2012-3015

Published: Jul 26, 2012Modified: Apr 29, 2026

6.9

Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 3.4 / Impact: 10.0

Source: NVD

Description

Untrusted search path vulnerability in Siemens SIMATIC STEP7 before 5.5 SP1, as used in SIMATIC PCS7 7.1 SP3 and earlier and other products, allows local users to gain privileges via a Trojan horse DLL in a STEP7 project folder.

Affected (2)

Products: Siemens: Simatic Pcs7, Simatic Step 7

Siemens

2 products

Simatic Pcs7

Simatic Step 7

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Siemens Simatic Pcs7	Up to 7.1
Siemens Simatic Step 7	Up to 5.5

References (4)

http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-110665.pdf

Source: ics-cert@hq.dhs.gov

Vendor Advisory

http://www.us-cert.gov/control_systems/pdf/ICSA-12-205-02.pdf

Source: ics-cert@hq.dhs.gov

US Government Resource

http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-110665.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.us-cert.gov/control_systems/pdf/ICSA-12-205-02.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

Timeline

No history available yet.