CNVD-2016-11664 — Vulnetix

CNVD-2016-11664 PUBLISHED

Siemens SIMATIC S7-300/S7-400 CPU families是用于在工业环境中提供离散的和连续的控制，如制造业,食品和饮料,全球化学工业。 SIMATIC S7-300/S7-400 CPU family存在信息泄露漏洞。由于集成的web服务器提供的cookie值未含“secure”标记，浏览器在编译此标记时，将减少明文传输导致的数据泄露。攻击者利用漏洞可获取敏感信息。

Affected Products

Vendor	Product	Versions
	SIEMENS SIMATIC S7-300 CPU family All
	SIEMENS SIMATIC S7-400 CPU family All

Timeline

Nov 22, 2016 CVE ID Reserved
Nov 30, 2016 CVE Published

References

http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-603476.pdf url

Open in Interactive Console →