CVE-2015-1356 : Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 determines a user's privileges on the basis of project-file fields tha

Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 determines a user's privileges on the basis of project-file fields that lack integrity protection, which allows remote attackers to establish arbitrary authorization data via a modified file.

Published 2015-02-18 02:59:07

Updated 2015-02-18 18:37:01

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2015-1356

Probability of exploitation activity in the next 30 days: 0.47%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 72 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2015-1356

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.4	MEDIUM	AV:L/AC:M/Au:N/C:P/I:P/A:P	3.4	6.4	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2015-1356

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-1356

http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-234789.pdf

Vendor Advisory

CVEs referencing this url

Products affected by CVE-2015-1356

Siemens » Simatic Step 7
Versions up to, including, (<=) 13.0
cpe:2.3:a:siemens:simatic_step_7:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2015-1356

Exploit prediction scoring system (EPSS) score for CVE-2015-1356

CVSS scores for CVE-2015-1356

CWE ids for CVE-2015-1356

References for CVE-2015-1356

Products affected by CVE-2015-1356