CVE-2015-1601 — Siemens Simatic Step 7 vulnerability

CWE-2543 documents3 sources

Severity

6.8MEDIUMNVD

EPSS

0.4%

top 39.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Simatic Step 7

Timeline

PublishedApr 6

Latest updateMay 17

Description

Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 allows man-in-the-middle attackers to obtain sensitive information or modify transmitted data via unspecified vectors.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDsiemens/simatic_step_713+2

Patches

Patch: www.siemens.com ↗Patch: www.siemens.com ↗

🔴Vulnerability Details

GHSA

GHSA-j49f-f6qh-cgr9: Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 allows man-in-the-middle attackers to obtain sensitive information or modify transmit↗2022-05-17

▶

CVEList

CVE-2015-1601: Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 allows man-in-the-middle attackers to obtain sensitive information or modify transmit↗2015-04-06

▶