CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-8672

A vulnerability has been identified in SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.0.53), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.2.17), SIMATIC S7-300 PN/DP CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP CPU family (incl. SIPLUS variants) (All versions). The integrated web server delivers cookies without the "secure" flag. Modern browsers interpreting the flag would mitigate potential data leakage in case of clear text transmission.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 46.1%

CVSS Severity

CVSS v3 Score 5.3

CVSS v2 Score 5.0

References

Products affected by CVE-2016-8672

Siemens » Simatic Cp 343-1 » Version: N/A

cpe:2.3:h:siemens:simatic_cp_343-1:-
Siemens » Simatic Cp 443-1 » Version: N/A

cpe:2.3:h:siemens:simatic_cp_443-1:-
Siemens » Simatic S7 300 Cpu » Version: N/A

cpe:2.3:h:siemens:simatic_s7_300_cpu:-
Siemens » Simatic S7 400 Cpu » Version: N/A

cpe:2.3:h:siemens:simatic_s7_400_cpu:-
Siemens » Simatic Cp 343-1 Firmware » Version: N/A

cpe:2.3:o:siemens:simatic_cp_343-1_firmware:-
Siemens » Simatic Cp 443-1 Firmware » Version: N/A

cpe:2.3:o:siemens:simatic_cp_443-1_firmware:-
Siemens » Simatic S7 300 Cpu Firmware » Version: N/A

cpe:2.3:o:siemens:simatic_s7_300_cpu_firmware:-
Siemens » Simatic S7 400 Cpu Firmware » Version: N/A

cpe:2.3:o:siemens:simatic_s7_400_cpu_firmware:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-8672

Products

Pricing

Contact Us