CVE-2015-1594

Published: Mar 7, 2015Modified: May 6, 2026

6.9

Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 3.4 / Impact: 10.0

Source: NVD

Description

Untrusted search path vulnerability in Siemens SIMATIC ProSave before 13 SP1; SIMATIC CFC before 8.0 SP4 Upd9 and 8.1 before Upd1; SIMATIC STEP 7 before 5.5 SP1 HF2, 5.5 SP2 before HF7, 5.5 SP3, and 5.5 SP4 before HF4; SIMOTION Scout before 4.4; and STARTER before 4.4 HF3 allows local users to gain privileges via a Trojan horse application file.

Affected (9)

Products: Siemens: Starter, Simatic Prosave, Simotion Scout, Simatic Cfc, Simatic Step 7

5 products

Simatic Prosave

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Siemens Starter	Up to 4.4

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Siemens Simatic Prosave	Version 13.0

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Siemens Simotion Scout	Up to 4.3

Configuration D

2 vulnerable

Vulnerable Software	Affected Versions
Siemens Simatic Cfc	Up to 8.0
Siemens Simatic Cfc	Version 8.1

Configuration E

4 vulnerable

Vulnerable Software	Affected Versions
Siemens Simatic Step 7	Up to 5.5
Siemens Simatic Step 7	Version 5.5 sp2
Siemens Simatic Step 7	Version 5.5 sp3
Siemens Simatic Step 7	Version 5.5 sp4

References (4)

http://www.securitytracker.com/id/1032039

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-451236.pdf

Source: cve@mitre.org

Vendor Advisory

http://www.securitytracker.com/id/1032039

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-451236.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.