What is CVE-2016-7960?

CVE-2016-7960 is a low-severity vulnerability in Siemens Simatic_step_7, classified under Information Disclosure. CVSS score: 2.5/10. Published 2016-10-13.

How severe is CVE-2016-7960?

Low severity. CVSS v3 base score is 2.5 out of 10.

Information disclosure in Siemens Simatic_step_7

CVE-2016-7960

Siemens SIMATIC STEP 7 (TIA Portal) before 14 uses an improper format for managing TIA project files during version updates, which makes it easier for local users to obtain sensitive configuration information via unspecified vectors.

Vulnerability class: Information Disclosure

EPSS: 0.001 (25.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 2.5 (Low). Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N.

Affected products

Siemens Simatic_step_7
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

cve@mitre.org (US Government Resource, Patch, VDB Entry, Third Party Advisory, x_refsource_MISC, Mitigation)
93551 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2016-7960?: CVE-2016-7960 is a low-severity vulnerability in Siemens Simatic_step_7, classified under Information Disclosure. CVSS score: 2.5/10. Published 2016-10-13.
How severe is CVE-2016-7960?: Low severity. CVSS v3 base score is 2.5 out of 10.