Siemens SIMATIC STEP 7 (TIA Portal) Information Disclosure Vulnerabilities

CVSS 2.5 LOW

CVEs (2)

CVE-2016-7960 CVE-2016-7959

Access to the TIA Portal project files on engineering workstations or network storage must be protected with appropriate mechanisms from unauthorized access.
Siemens provides SIMATIC STEP 7 (TIA Portal) V14, which fixes the vulnerabilities and recommends users migrate projects to the new version. It can be found at the following location on the Siemens web site: (https://support.industry.siemens.com/cs/ww/en/view/109740340)
Siemens strongly recommends users protect network access to engineering workstations and project storage with appropriate mechanisms. Siemens also advises that users configure the operational environment according to Siemens’ Operational Guidelines for Industrial Security: (https://www.siemens.com/cert/operational-guidelines-industrial-security)
For more information on these vulnerabilities and more detailed mitigation instructions, please see Siemens Security Advisory SSA-869766 at the following location: (https://cert-portal.siemens.com/productcert/pdf/ssa-869766.pdf)

Siemens

Siemens · SIMATIC STEP 7 (TIA Portal) <V14

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.