Описание
Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 determines a user's privileges on the basis of project-file fields that lack integrity protection, which allows remote attackers to establish arbitrary authorization data via a modified file.
Уязвимые конфигурации
Конфигурация 1Версия до 13.0 (включая)
cpe:2.3:a:siemens:simatic_step_7:*:*:*:*:*:*:*:*
EPSS
Процентиль: 32%
0.00127
Низкий
4.4 Medium
CVSS2
Дефекты
CWE-264
Связанные уязвимости
github
больше 3 лет назад
Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 determines a user's privileges on the basis of project-file fields that lack integrity protection, which allows remote attackers to establish arbitrary authorization data via a modified file.
EPSS
Процентиль: 32%
0.00127
Низкий
4.4 Medium
CVSS2
Дефекты
CWE-264