CVE-2015-1594 - Vulnerability Details - OpenCVE

Untrusted search path vulnerability in Siemens SIMATIC ProSave before 13 SP1; SIMATIC CFC before 8.0 SP4 Upd9 and 8.1 before Upd1; SIMATIC STEP 7 before 5.5 SP1 HF2, 5.5 SP2 before HF7, 5.5 SP3, and 5.5 SP4 before HF4; SIMOTION Scout before 4.4; and STARTER before 4.4 HF3 allows local users to gain privileges via a Trojan horse application file.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Siemens	Simatic Cfc Simatic Prosave Simatic Step 7 Simotion Scout Starter

Configuration 1 [-]

cpe:2.3:a:siemens:starter:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:siemens:simatic_prosave:13.0:*:*:*:*:*:*:*

Configuration 3 [-]

cpe:2.3:a:siemens:simotion_scout:*:sp1:*:*:*:*:*:*

Configuration 4 [-]

OR	cpe:2.3:a:siemens:simatic_cfc::sp4::::::*
	cpe:2.3:a:siemens:simatic_cfc:8.1:::::::*

Configuration 5 [-]

OR	cpe:2.3:a:siemens:simatic_step_7::sp1::::::*
	cpe:2.3:a:siemens:simatic_step_7:5.5:sp2::::::
	cpe:2.3:a:siemens:simatic_step_7:5.5:sp3::::::
	cpe:2.3:a:siemens:simatic_step_7:5.5:sp4::::::

No data.

References

Link	Providers
http://www.securitytracker.com/id/1032039
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-451236.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2015-03-07T02:00:00

Updated: 2024-08-06T04:47:16.903Z

Reserved: 2015-02-13T00:00:00

Link: CVE-2015-1594

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2015-03-07T02:59:03.803

Modified: 2025-04-12T10:46:40.837

Link: CVE-2015-1594

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-03-05T00:00:00", "descriptions": [{"lang": "en", "value": "Untrusted search path vulnerability in Siemens SIMATIC ProSave before 13 SP1; SIMATIC CFC before 8.0 SP4 Upd9 and 8.1 before Upd1; SIMATIC STEP 7 before 5.5 SP1 HF2, 5.5 SP2 before HF7, 5.5 SP3, and 5.5 SP4 before HF4; SIMOTION Scout before 4.4; and STARTER before 4.4 HF3 allows local users to gain privileges via a Trojan horse application file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-04-16T17:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-451236.pdf"}, {"name": "1032039", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1032039"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-1594", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Untrusted search path vulnerability in Siemens SIMATIC ProSave before 13 SP1; SIMATIC CFC before 8.0 SP4 Upd9 and 8.1 before Upd1; SIMATIC STEP 7 before 5.5 SP1 HF2, 5.5 SP2 before HF7, 5.5 SP3, and 5.5 SP4 before HF4; SIMOTION Scout before 4.4; and STARTER before 4.4 HF3 allows local users to gain privileges via a Trojan horse application file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-451236.pdf", "refsource": "CONFIRM", "url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-451236.pdf"}, {"name": "1032039", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1032039"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T04:47:16.903Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-451236.pdf"}, {"name": "1032039", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1032039"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-1594", "datePublished": "2015-03-07T02:00:00", "dateReserved": "2015-02-13T00:00:00", "dateUpdated": "2024-08-06T04:47:16.903Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:starter:*:*:*:*:*:*:*:*", "matchCriteriaId": "501269A6-E397-4D1D-9F70-269E6E283449", "versionEndIncluding": "4.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:simatic_prosave:13.0:*:*:*:*:*:*:*", "matchCriteriaId": "BC729DF0-989D-419B-9116-E5A4B8C3BA36", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:simotion_scout:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "34604902-7B50-46C4-BD8B-A0DE87830C0B", "versionEndIncluding": "4.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:simatic_cfc:*:sp4:*:*:*:*:*:*", "matchCriteriaId": "1673541E-F7D7-4D3A-B726-2A9652A40391", "versionEndIncluding": "8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_cfc:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "AC9F34FA-9354-4B05-A27B-BE0BD64C3AE8", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:simatic_step_7:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "57265D20-9AA4-47E9-BFE9-7DF015F2EAF8", "versionEndIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_step_7:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "A3980E15-DB30-4CD8-B38C-734D56C2C076", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_step_7:5.5:sp3:*:*:*:*:*:*", "matchCriteriaId": "747A5E70-8D94-43D3-83C3-F7E78301024A", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_step_7:5.5:sp4:*:*:*:*:*:*", "matchCriteriaId": "26960308-B20D-414D-AB84-8C93C101E397", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Untrusted search path vulnerability in Siemens SIMATIC ProSave before 13 SP1; SIMATIC CFC before 8.0 SP4 Upd9 and 8.1 before Upd1; SIMATIC STEP 7 before 5.5 SP1 HF2, 5.5 SP2 before HF7, 5.5 SP3, and 5.5 SP4 before HF4; SIMOTION Scout before 4.4; and STARTER before 4.4 HF3 allows local users to gain privileges via a Trojan horse application file."}, {"lang": "es", "value": "Vulnerabilidad de ruta de b\u00fasqueda no confiable en Siemens SIMATIC ProSave anterior a 13 SP1; SIMATIC CFC anterior a 8.0 SP4 Upd9 y 8.1 anterior a Upd1; SIMATIC STEP 7 anterior a 5.5 SP1 HF2, 5.5 SP2 anterior a HF7, 5.5 SP3, y 5.5 SP4 anterior a HF4; SIMOTION Scout anterior a 4.4; y STARTER anterior a 4.4 HF3 permite a usuarios locales ganar privilegios a trav\u00e9s de un fichero de aplicaciones troyano."}], "evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/426.html\">CWE-426: Untrusted Search Path</a>", "id": "CVE-2015-1594", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2015-03-07T02:59:03.803", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1032039"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-451236.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1032039"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-451236.pdf"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}