CVE-2015-1594 — Siemens Simatic CFC vulnerability

3 documents3 sources

Severity

6.9MEDIUMNVD

EPSS

0.1%

top 77.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Simatic CFC Siemens Simatic Step 7 Siemens Simotion Scout +2 more

Timeline

PublishedMar 7

Latest updateMay 17

Description

Untrusted search path vulnerability in Siemens SIMATIC ProSave before 13 SP1; SIMATIC CFC before 8.0 SP4 Upd9 and 8.1 before Upd1; SIMATIC STEP 7 before 5.5 SP1 HF2, 5.5 SP2 before HF7, 5.5 SP3, and 5.5 SP4 before HF4; SIMOTION Scout before 4.4; and STARTER before 4.4 HF3 allows local users to gain privileges via a Trojan horse application file.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages5 packages

▶NVDsiemens/simatic_step_75.5+1

▶NVDsiemens/simatic_prosave13.0

▶NVDsiemens/simatic_cfc8.0+1

▶NVDsiemens/simotion_scout4.3

▶NVDsiemens/starter4.4

🔴Vulnerability Details

GHSA

GHSA-qvfq-5gx8-g3pw: Untrusted search path vulnerability in Siemens SIMATIC ProSave before 13 SP1; SIMATIC CFC before 8↗2022-05-17

▶

CVEList

CVE-2015-1594: Untrusted search path vulnerability in Siemens SIMATIC ProSave before 13 SP1; SIMATIC CFC before 8↗2015-03-07

▶