← Back

CVE-2016-8672

nvd nist
Published: Nov 23, 2016Modified: May 6, 2026

JSON object

Loading...
5.3
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 / Impact: 1.4
Source: NVD

Description

A vulnerability has been identified in SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.0.53), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.2.17), SIMATIC S7-300 PN/DP CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP CPU family (incl. SIPLUS variants) (All versions). The integrated web server delivers cookies without the "secure" flag. Modern browsers interpreting the flag would mitigate potential data leakage in case of clear text transmission.

Affected (4)

Siemens
4 products
Simatic Cp 343 1 Firmware
Simatic S7 300 Cpu Firmware
Simatic S7 400 Cpu Firmware
Simatic Cp 443 1 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Simatic Cp 343 1 Firmware
All versions
Running on/withPlatform Versions
Siemens
Simatic Cp 343 1
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Simatic S7 300 Cpu Firmware
All versions
Running on/withPlatform Versions
Siemens
Simatic S7 300 Cpu
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Simatic S7 400 Cpu Firmware
All versions
Running on/withPlatform Versions
Siemens
Simatic S7 400 Cpu
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Simatic Cp 443 1 Firmware
All versions
Running on/withPlatform Versions
Siemens
Simatic Cp 443 1
All versions

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.