The exploit is only triggered when a local user runs the vulnerable application and loads the malformed file.

VULNERABILITY DETAILS

EXPLOITABILITY

This vulnerability is not exploitable remotely and cannot be exploited without user interaction.

A CVSS v2 base score of 6.9 has been assigned; the CVSS vector string is (AV:L/AC:M/Au:N/C:C/I:C/A:C).

CVE-2015-1594 has been assigned to this vulnerability.

For successful exploitation, an unsuspecting user must be tricked into opening a manipulated application file.

UNTRUSTED SEARCH PATH

Insufficiently qualified paths could allow attackers to execute arbitrary code from files located on the local file system or connected network shares with the privileges of the user running the affected products.

Siemens has produced updates for each of these products that mitigate this vulnerability.

Ivan Sanchez from WiseSecurity Team has identified a search path vulnerability in the Siemens SIMATIC ProSave, SIMATIC CFC, SIMATIC STEP 7, SIMOTION Scout, and STARTER applications.

OVERVIEW

This updated advisory is a follow-up to the original advisory titled ICSA-15-064-02 Siemens SIMATIC ProSave, SIMATIC CFC, SIMATIC STEP 7, SIMOTION Scout, and STARTER Insufficiently Qualified Paths that was published March 5, 2015, on the NCCIC/ICS‑CERT web site.
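The weakness class described under UNTRUSTED SEARCH PATH can be audited for on the defender's side. The following is an added example, not code from the advisory or from Siemens: it flags a file name that is not fully qualified and the search-path entries (current directory, relative directories, network shares) from which such a name could be resolved. The advisory does not describe how the affected products load files, so the function names, the `;`-separated search path and the sample values are assumptions constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any OS


def classify_entry(entry):
    """Label one path (a search-path entry or a file name) by how it is qualified."""
    e = entry.strip().strip('"')
    if e == ".":
        return "current-directory"   # follows the folder the project file was opened from
    if e.startswith("\\\\") or e.startswith("//"):
        return "network-share"       # UNC path: content is controlled by a remote host
    drive, rest = ntpath.splitdrive(e)
    if not drive or not rest.startswith(("\\", "/")):
        return "relative"            # "plugins" or "C:plugins": depends on the working directory
    return "qualified"               # drive letter plus rooted path


def audit(name, search_path):
    """Return (finding, value) pairs for loading `name` via `search_path`."""
    kind = classify_entry(name)
    if kind == "qualified":
        return []                    # a fully qualified name never consults the search path
    findings = [("name:" + kind, name)]
    if kind == "network-share":
        return findings              # no search happens, but the source is remote
    for entry in search_path.split(";"):
        if not entry.strip():
            continue                 # ignore empty entries left by stray separators
        label = classify_entry(entry)
        if label != "qualified":
            findings.append((label, entry))
    return findings


# Constructed sample values, not taken from any affected product.
SAMPLE_PATH = r"C:\Program Files\ExampleApp\bin;.;\\fileserver\projects\tools;plugins"

if __name__ == "__main__":
    for finding in audit("helper.dll", SAMPLE_PATH):
        print(finding)
```

A finding list that is empty only for the fully qualified name is the expected result; any other entry is a location that should be removed from the search order or replaced by an absolute, access-controlled local directory.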