CVE-2016-7960

Published: Oct 13, 2016Modified: May 6, 2026

2.5

Vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 1.0 / Impact: 1.4

Source: NVD

Description

Siemens SIMATIC STEP 7 (TIA Portal) before 14 uses an improper format for managing TIA project files during version updates, which makes it easier for local users to obtain sensitive configuration information via unspecified vectors.

Affected (1)

Products: Siemens: Simatic Step 7

Siemens

1 product

Simatic Step 7

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Siemens Simatic Step 7	Up to 13.010

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

http://www.securityfocus.com/bid/93551

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-869766.pdf

Source: cve@mitre.org

Vendor Advisory

https://ics-cert.us-cert.gov/advisories/ICSA-16-287-03

Source: cve@mitre.org

MitigationPatchThird Party AdvisoryUS Government ResourceVDB Entry

http://www.securityfocus.com/bid/93551

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-869766.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://ics-cert.us-cert.gov/advisories/ICSA-16-287-03

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationPatchThird Party AdvisoryUS Government ResourceVDB Entry

Timeline

No history available yet.