5.3

CVE-2016-8672

EPSS 0.23%
Published 23.11.2016 11:59:00
Last modified 12.04.2025 10:46:40
Source cve@mitre.org
Teams watchlist Login
Open Login

A vulnerability has been identified in SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.0.53), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.2.17), SIMATIC S7-300 PN/DP CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP CPU family (incl. SIPLUS variants) (All versions). The integrated web server delivers cookies without the "secure" flag. Modern browsers interpreting the flag would mitigate potential data leakage in case of clear text transmission.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Siemens ≫ Simatic Cp 343-1 Firmware Version- SwEditionadvanced

Siemens ≫ Simatic Cp 343-1 Version-

Siemens ≫ Simatic S7 300 Cpu Firmware Version-

Siemens ≫ Simatic S7 300 Cpu Version-

Siemens ≫ Simatic S7 400 Cpu Firmware Version-

Siemens ≫ Simatic S7 400 Cpu Version-

Siemens ≫ Simatic Cp 443-1 Firmware Version- SwEditionadvanced

Siemens ≫ Simatic Cp 443-1 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.23%	0.431

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://cert-portal.siemens.com/productcert/pdf/ssa-603476.pdf

https://nvd.nist.gov/vuln/detail/CVE-2016-8672

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-8672

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-8672

EUVD