U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database

Vulnerability Change Records for CVE-2016-7165

Change History

CVE Modified by MITRE 1/18/2018 9:29:00 PM

Action Type Old Value New Value
Changed Description 
Unquoted Windows search path vulnerability in Siemens SIMATIC WinCC V7.0 SP2 before Upd 12, V7.0 SP3 before Upd 8, V7.2 before Upd 14, V7.3 before Upd 11, and V7.4 before SP1; SIMATIC STEP 7 V5.x before V5.5 SP4 HF11; SIMATIC PCS 7 through V8.2; SIMATIC WinCC Runtime Professional V13 before SP2 and V14 before SP1; SIMATIC WinCC (TIA Portal) Professional V13 before SP2 and V14 before SP1; SIMATIC WinCC (TIA Portal) Basic, Comfort, Advanced before 14; SIMATIC STEP 7 (TIA Portal) V13 before SP2; SIMATIC NET PC-Software before V14; SINEMA Remote Connect Client; SINEMA Server before V13 SP2; SIMATIC WinAC RTX 2010 SP2; SIMATIC WinAC RTX F 2010 SP2; SIMATIC IT Production Suite before V7.0 SP1 HFX 2; TeleControl Server Basic before 3.0 SP2; SOFTNET Security Client 5.0; SIMIT before V9.0 SP1; Security Configuration Tool (SCT) before V4.3 HF1; and Primary Setup Tool (PST) before V4.2 HF1, when the installation does not use the %PROGRAMFILES% directory, might allow local users to gain privileges via a Trojan horse executable file.
 
A vulnerability has been identified in Primary Setup Tool (PST), SIMATIC IT Production Suite, SIMATIC NET PC-Software, SIMATIC PCS 7 V7.1, SIMATIC PCS 7 V8.0, SIMATIC PCS 7 V8.1, SIMATIC PCS 7 V8.2, SIMATIC STEP 7 (TIA Portal) V13, SIMATIC STEP 7 V5.X, SIMATIC WinCC (TIA Portal) Basic, Comfort, Advanced, SIMATIC WinCC (TIA Portal) Professional V13, SIMATIC WinCC (TIA Portal) Professional V14, SIMATIC WinCC Runtime Professional V13, SIMATIC WinCC Runtime Professional V14, SIMATIC WinCC V7.0 SP2 and earlier versions, SIMATIC WinCC V7.0 SP3, SIMATIC WinCC V7.2, SIMATIC WinCC V7.3, SIMATIC WinCC V7.4, SIMIT V9.0, SINEMA Remote Connect Client, SINEMA Server, SOFTNET Security Client V5.0, Security Configuration Tool (SCT), TeleControl Server Basic, WinAC RTX 2010 SP2, WinAC RTX F 2010 SP2. Unquoted service paths could allow local Microsoft Windows operating system users to escalate their privileges if the affected products are not installed under their default path ("C:\Program Files\*" or the localized equivalent).
Added Reference 

								
							
							
								
							
						
								
							
								
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-701708.pdf [No Types Assigned]

								
								
					

					

						Removed
						Reference
						
							
							
								
							
								
http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-701708.pdf [Vendor Advisory]