Vigil@nce - SIMATIC STEP 7: two vulnerabilities
October 2016 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of SIMATIC STEP 7.
Impacted products: SIMATIC.
Severity: 1/4.
Creation date: 12/10/2016.
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in SIMATIC STEP 7.
A local attacker can perform a brute-force, in order to obtain
sensitive information about machine to machine communication.
[severity:1/4; CVE-2016-7959]
An attacker can bypass security features via TIA Portal Project
File, in order to obtain sensitive information. [severity:1/4;
CVE-2016-7960]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/SIMATIC-STEP-7-two-vulnerabilities-20845