cnvd - cnvd-2016-10732

cnvd-2016-10732

Vulnerability from cnvd

Title: Siemens多款产品存在权限提升漏洞（CNVD-2016-10732）

Description:

德国西门子股份公司创立于1847年，专注于电气化、自动化和数字化领域。西门子在海上风机建设、燃气轮机和蒸汽轮机发电、输电解决方案、基础设施解决方案、工业自动化、驱动和软件解决方案，以及医疗成像设备和实验室诊断等领域占据领先地位。

Siemens多款产品存在权限提升漏洞。当受影响的产品未安装在默认路径“C:\ Program Files \ *”下时，非挂牌服务路径可以允许本地Microsoft Windows操作系统用户提升权限。

Severity: 中

Patch Name: Siemens多款产品存在权限提升漏洞（CNVD-2016-10732）的补丁

Patch Description:

SIMATIC WinCC(Windows Control Center)视窗控制中心，是西门子的过程监视系统，为工业领域提供完备的监控与数据采集（SCADA）功能；PCS 7系统是无缝集成的自动化解决方案，可以应用于所有工业领域。

Siemens多款产品存在权限提升漏洞。当受影响的产品未安装在默认路径“C:\ Program Files \ *”下时，非挂牌服务路径可以允许本地Microsoft Windows操作系统用户提升权限。拥有受影响产品的本地操作系统访问权限的本地攻击者利用漏洞可提升权限。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布安全公告修复该漏洞，请及时关注更新： https://support.industry.siemens.com/cs/ww/en/view/109741519 https://support.industry.siemens.com/cs/ww/en/view/109741127 https://support.industry.siemens.com/cs/ww/en/view/109742642 https://support.industry.siemens.com/cs/ww/en/view/109739719 https://support.industry.siemens.com/cs/ww/en/view/109740340 https://support.industry.siemens.com/cs/ww/en/view/109741996 https://support.industry.siemens.com/cs/ww/en/view/109483119 https://support.industry.siemens.com/cs/ww/en/view/109741833 https://support.industry.siemens.com/cs/ww/en/view/109743963 https://support.industry.siemens.com/cs/ww/en/view/109744041 其他版本的临时修复参考如下链接： https://support.industry.siemens.com/cs/ww/en/view/109740929

Reference: http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-701708.pdf

Impacted products

Name
['Siemens SIMATIC STEP 7 5.x', 'SIEMENS SIMATIC PCS 7 8.0', 'SIEMENS SIMATIC PCS 7 8.1\x7f', 'SIEMENS SIMATIC PCS 7 8.2', 'SIEMENS SIMATIC WinCC 7.3 x', 'SIEMENS SIMATIC WinCC 7.4 x', 'Siemens SINEMA Server', 'SIEMENS SIMATIC WinCC 7.2 x', 'SIEMENS SIMATIC WinCC 7.0 SP2，<7.0 SP2 Upd 12', 'SIEMENS SIMATIC WinCC 7.0 SP3，<7.0 SP3 Upd 8', 'SIEMENS SIMATIC NET PC-Software <14', 'SIEMENS SIMATIC WinCC Runtime Professional All', 'Siemens SIMATIC STEP 7 (TIA Portal) <14', 'SIEMENS SIMATIC WinCC (TIA Portal) Basic <14', 'SIEMENS SIMATIC WinCC (TIA Portal) Comfort <14', 'SIEMENS SIMATIC WinCC (TIA Portal) Advanced <14', 'SIEMENS SIMATIC WinCC (TIA Portal) Professional All', 'SIEMENS SINEMA Remote Connect Client All', 'SIEMENS SIMATIC WinAC RTX 2010 SP2 All', 'SIEMENS SIMATIC WinAC RTX F 2010 SP2 All', 'SIEMENS SIMATIC IT Production Suite All', 'SIEMENS TeleControl Server Basic <3.0 SP2', 'SIEMENS SOFTNET Security Client V5.0 All', 'SIEMENS SIMIT 9.0', 'SIEMENS Security Configuration Tool (SCT) All', 'SIEMENS Primary Setup Tool (PST) All']

Name

['Siemens SIMATIC STEP 7 5.x', 'SIEMENS SIMATIC PCS 7 8.0', 'SIEMENS SIMATIC PCS 7 8.1\x7f', 'SIEMENS SIMATIC PCS 7 8.2', 'SIEMENS SIMATIC WinCC 7.3 x', 'SIEMENS SIMATIC WinCC 7.4 x', 'Siemens SINEMA Server', 'SIEMENS SIMATIC WinCC 7.2 x', 'SIEMENS SIMATIC WinCC 7.0 SP2，<7.0 SP2 Upd 12', 'SIEMENS SIMATIC WinCC 7.0 SP3，<7.0 SP3 Upd 8', 'SIEMENS SIMATIC NET PC-Software <14', 'SIEMENS SIMATIC WinCC Runtime Professional All', 'Siemens SIMATIC STEP 7 (TIA Portal) <14', 'SIEMENS SIMATIC WinCC (TIA Portal) Basic <14', 'SIEMENS SIMATIC WinCC (TIA Portal) Comfort <14', 'SIEMENS SIMATIC WinCC (TIA Portal) Advanced <14', 'SIEMENS SIMATIC WinCC (TIA Portal) Professional All', 'SIEMENS SINEMA Remote Connect Client All', 'SIEMENS SIMATIC WinAC RTX 2010 SP2 All', 'SIEMENS SIMATIC WinAC RTX F 2010 SP2 All', 'SIEMENS SIMATIC IT Production Suite All', 'SIEMENS TeleControl Server Basic <3.0 SP2', 'SIEMENS SOFTNET Security Client V5.0 All', 'SIEMENS SIMIT 9.0', 'SIEMENS Security Configuration Tool (SCT) All', 'SIEMENS Primary Setup Tool (PST) All']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-7165"
    }
  },
  "description": "\u5fb7\u56fd\u897f\u95e8\u5b50\u80a1\u4efd\u516c\u53f8\u521b\u7acb\u4e8e1847\u5e74\uff0c\u4e13\u6ce8\u4e8e\u7535\u6c14\u5316\u3001\u81ea\u52a8\u5316\u548c\u6570\u5b57\u5316\u9886\u57df\u3002\u897f\u95e8\u5b50\u5728\u6d77\u4e0a\u98ce\u673a\u5efa\u8bbe\u3001\u71c3\u6c14\u8f6e\u673a\u548c\u84b8\u6c7d\u8f6e\u673a\u53d1\u7535\u3001\u8f93\u7535\u89e3\u51b3\u65b9\u6848\u3001\u57fa\u7840\u8bbe\u65bd\u89e3\u51b3\u65b9\u6848\u3001\u5de5\u4e1a\u81ea\u52a8\u5316\u3001\u9a71\u52a8\u548c\u8f6f\u4ef6\u89e3\u51b3\u65b9\u6848\uff0c\u4ee5\u53ca\u533b\u7597\u6210\u50cf\u8bbe\u5907\u548c\u5b9e\u9a8c\u5ba4\u8bca\u65ad\u7b49\u9886\u57df\u5360\u636e\u9886\u5148\u5730\u4f4d\u3002\r\n\r\nSiemens\u591a\u6b3e\u4ea7\u54c1\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u5f53\u53d7\u5f71\u54cd\u7684\u4ea7\u54c1\u672a\u5b89\u88c5\u5728\u9ed8\u8ba4\u8def\u5f84\u201cC:\\ Program Files \\ *\u201d\u4e0b\u65f6\uff0c\u975e\u6302\u724c\u670d\u52a1\u8def\u5f84\u53ef\u4ee5\u5141\u8bb8\u672c\u5730Microsoft Windows\u64cd\u4f5c\u7cfb\u7edf\u7528\u6237\u63d0\u5347\u6743\u9650\u3002",
  "discovererName": "WATERSURE and KIANDRA IT",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u5b89\u5168\u516c\u544a\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a \r\nhttps://support.industry.siemens.com/cs/ww/en/view/109741519\r\nhttps://support.industry.siemens.com/cs/ww/en/view/109741127\r\nhttps://support.industry.siemens.com/cs/ww/en/view/109742642\r\nhttps://support.industry.siemens.com/cs/ww/en/view/109739719\r\nhttps://support.industry.siemens.com/cs/ww/en/view/109740340\r\nhttps://support.industry.siemens.com/cs/ww/en/view/109741996\r\nhttps://support.industry.siemens.com/cs/ww/en/view/109483119\r\nhttps://support.industry.siemens.com/cs/ww/en/view/109741833\r\nhttps://support.industry.siemens.com/cs/ww/en/view/109743963\r\nhttps://support.industry.siemens.com/cs/ww/en/view/109744041\r\n\u5176\u4ed6\u7248\u672c\u7684\u4e34\u65f6\u4fee\u590d\u53c2\u8003\u5982\u4e0b\u94fe\u63a5\uff1a\r\nhttps://support.industry.siemens.com/cs/ww/en/view/109740929",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-10732",
  "openTime": "2016-11-08",
  "patchDescription": "SIMATIC WinCC(Windows Control Center)\u89c6\u7a97\u63a7\u5236\u4e2d\u5fc3\uff0c\u662f\u897f\u95e8\u5b50\u7684\u8fc7\u7a0b\u76d1\u89c6\u7cfb\u7edf\uff0c\u4e3a\u5de5\u4e1a\u9886\u57df\u63d0\u4f9b\u5b8c\u5907\u7684\u76d1\u63a7\u4e0e\u6570\u636e\u91c7\u96c6\uff08SCADA\uff09\u529f\u80fd\uff1bPCS 7\u7cfb\u7edf\u662f\u65e0\u7f1d\u96c6\u6210\u7684\u81ea\u52a8\u5316\u89e3\u51b3\u65b9\u6848\uff0c\u53ef\u4ee5\u5e94\u7528\u4e8e\u6240\u6709\u5de5\u4e1a\u9886\u57df\u3002\r\n\r\nSiemens\u591a\u6b3e\u4ea7\u54c1\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u5f53\u53d7\u5f71\u54cd\u7684\u4ea7\u54c1\u672a\u5b89\u88c5\u5728\u9ed8\u8ba4\u8def\u5f84\u201cC:\\ Program Files \\ *\u201d\u4e0b\u65f6\uff0c\u975e\u6302\u724c\u670d\u52a1\u8def\u5f84\u53ef\u4ee5\u5141\u8bb8\u672c\u5730Microsoft Windows\u64cd\u4f5c\u7cfb\u7edf\u7528\u6237\u63d0\u5347\u6743\u9650\u3002\u62e5\u6709\u53d7\u5f71\u54cd\u4ea7\u54c1\u7684\u672c\u5730\u64cd\u4f5c\u7cfb\u7edf\u8bbf\u95ee\u6743\u9650\u7684\u672c\u5730\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u53ef\u63d0\u5347\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Siemens\u591a\u6b3e\u4ea7\u54c1\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff08CNVD-2016-10732\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Siemens SIMATIC STEP 7 5.x",
      "SIEMENS SIMATIC PCS 7 8.0",
      "SIEMENS SIMATIC PCS 7 8.1\u007f",
      "SIEMENS SIMATIC PCS 7 8.2",
      "SIEMENS SIMATIC WinCC 7.3 x",
      "SIEMENS SIMATIC WinCC 7.4 x",
      "Siemens SINEMA Server",
      "SIEMENS SIMATIC WinCC 7.2 x",
      "SIEMENS SIMATIC WinCC 7.0 SP2\uff0c\u003c7.0 SP2 Upd 12",
      "SIEMENS SIMATIC WinCC 7.0 SP3\uff0c\u003c7.0 SP3 Upd 8",
      "SIEMENS SIMATIC NET PC-Software \u003c14",
      "SIEMENS SIMATIC WinCC Runtime Professional All",
      "Siemens SIMATIC STEP 7 (TIA Portal) \u003c14",
      "SIEMENS SIMATIC WinCC (TIA Portal) Basic \u003c14",
      "SIEMENS SIMATIC WinCC (TIA Portal) Comfort \u003c14",
      "SIEMENS SIMATIC WinCC (TIA Portal) Advanced \u003c14",
      "SIEMENS SIMATIC WinCC (TIA Portal) Professional All",
      "SIEMENS SINEMA Remote Connect Client All",
      "SIEMENS SIMATIC WinAC RTX 2010 SP2 All",
      "SIEMENS SIMATIC WinAC RTX F 2010 SP2 All",
      "SIEMENS SIMATIC IT Production Suite All",
      "SIEMENS TeleControl Server Basic \u003c3.0 SP2",
      "SIEMENS SOFTNET Security Client V5.0 All",
      "SIEMENS SIMIT 9.0",
      "SIEMENS Security Configuration Tool (SCT) All",
      "SIEMENS Primary Setup Tool (PST) All"
    ]
  },
  "referenceLink": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-701708.pdf",
  "serverity": "\u4e2d",
  "submitTime": "2016-11-08",
  "title": "Siemens\u591a\u6b3e\u4ea7\u54c1\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff08CNVD-2016-10732\uff09"
}

CVE-2016-7165 (GCVE-0-2016-7165)

Vulnerability from cvelistv5

Published

2016-11-15 19:00

Modified

2024-08-06 01:50

Severity ?

CWE

Summary

A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC IT Production Suite (All versions < V7.0 SP1 HFX 2), SIMATIC NET PC-Software (All versions < V14), SIMATIC PCS 7 V7.1 (All versions), SIMATIC PCS 7 V8.0 (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2), SIMATIC STEP 7 V5.X (All versions < V5.5 SP4 HF11), SIMATIC WinCC (TIA Portal) Basic, Comfort, Advanced (All versions < V14), SIMATIC WinCC (TIA Portal) Professional V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) Professional V14 (All versions < V14 SP1), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1), SIMATIC WinCC V7.0 SP2 and earlier versions (All versions < V7.0 SP2 Upd 12), SIMATIC WinCC V7.0 SP3 (All versions < V7.0 SP3 Upd 8), SIMATIC WinCC V7.2 (All versions < V7.2 Upd 14), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 11), SIMATIC WinCC V7.4 (All versions < V7.4 SP1), SIMIT V9.0 (All versions < V9.0 SP1), SINEMA Remote Connect Client (All versions < V1.0 SP3), SINEMA Server (All versions < V13 SP2), SOFTNET Security Client V5.0 (All versions), Security Configuration Tool (SCT) (All versions < V4.3 HF1), TeleControl Server Basic (All versions < V3.0 SP2), WinAC RTX 2010 SP2 (All versions), WinAC RTX F 2010 SP2 (All versions). Unquoted service paths could allow local Microsoft Windows operating system users to escalate their privileges if the affected products are not installed under their default path ("C:\Program Files\*" or the localized equivalent).

References

▼	URL	Tags
	https://ics-cert.us-cert.gov/advisories/ICSA-16-313-02	x_refsource_MISC
	http://securityaffairs.co/wordpress/53266/security/cve-2016-7165-siemens.html	x_refsource_MISC
	http://www.securityfocus.com/bid/94158	vdb-entry, x_refsource_BID
	https://cert-portal.siemens.com/productcert/pdf/ssa-701708.pdf	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:50:47.526Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-313-02"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://securityaffairs.co/wordpress/53266/security/cve-2016-7165-siemens.html"
          },
          {
            "name": "94158",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94158"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-701708.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-11-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in Primary Setup Tool (PST) (All versions \u003c V4.2 HF1), SIMATIC IT Production Suite (All versions \u003c V7.0 SP1 HFX 2), SIMATIC NET PC-Software (All versions \u003c V14), SIMATIC PCS 7 V7.1 (All versions), SIMATIC PCS 7 V8.0 (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions \u003c V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions \u003c V13 SP2), SIMATIC STEP 7 V5.X (All versions \u003c V5.5 SP4 HF11), SIMATIC WinCC (TIA Portal) Basic, Comfort, Advanced (All versions \u003c V14), SIMATIC WinCC (TIA Portal) Professional V13 (All versions \u003c V13 SP2), SIMATIC WinCC (TIA Portal) Professional V14 (All versions \u003c V14 SP1), SIMATIC WinCC Runtime Professional V13 (All versions \u003c V13 SP2), SIMATIC WinCC Runtime Professional V14 (All versions \u003c V14 SP1), SIMATIC WinCC V7.0 SP2 and earlier versions (All versions \u003c V7.0 SP2 Upd 12), SIMATIC WinCC V7.0 SP3 (All versions \u003c V7.0 SP3 Upd 8), SIMATIC WinCC V7.2 (All versions \u003c V7.2 Upd 14), SIMATIC WinCC V7.3 (All versions \u003c V7.3 Upd 11), SIMATIC WinCC V7.4 (All versions \u003c V7.4 SP1), SIMIT V9.0 (All versions \u003c V9.0 SP1), SINEMA Remote Connect Client (All versions \u003c V1.0 SP3), SINEMA Server (All versions \u003c V13 SP2), SOFTNET Security Client V5.0 (All versions), Security Configuration Tool (SCT) (All versions \u003c V4.3 HF1), TeleControl Server Basic (All versions \u003c V3.0 SP2), WinAC RTX 2010 SP2 (All versions), WinAC RTX F 2010 SP2 (All versions). Unquoted service paths could allow local Microsoft Windows operating system users to escalate their privileges if the affected products are not installed under their default path (\"C:\\Program Files\\*\" or the localized equivalent)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-06-14T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-313-02"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://securityaffairs.co/wordpress/53266/security/cve-2016-7165-siemens.html"
        },
        {
          "name": "94158",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94158"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-701708.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-7165",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability has been identified in Primary Setup Tool (PST) (All versions \u003c V4.2 HF1), SIMATIC IT Production Suite (All versions \u003c V7.0 SP1 HFX 2), SIMATIC NET PC-Software (All versions \u003c V14), SIMATIC PCS 7 V7.1 (All versions), SIMATIC PCS 7 V8.0 (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions \u003c V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions \u003c V13 SP2), SIMATIC STEP 7 V5.X (All versions \u003c V5.5 SP4 HF11), SIMATIC WinCC (TIA Portal) Basic, Comfort, Advanced (All versions \u003c V14), SIMATIC WinCC (TIA Portal) Professional V13 (All versions \u003c V13 SP2), SIMATIC WinCC (TIA Portal) Professional V14 (All versions \u003c V14 SP1), SIMATIC WinCC Runtime Professional V13 (All versions \u003c V13 SP2), SIMATIC WinCC Runtime Professional V14 (All versions \u003c V14 SP1), SIMATIC WinCC V7.0 SP2 and earlier versions (All versions \u003c V7.0 SP2 Upd 12), SIMATIC WinCC V7.0 SP3 (All versions \u003c V7.0 SP3 Upd 8), SIMATIC WinCC V7.2 (All versions \u003c V7.2 Upd 14), SIMATIC WinCC V7.3 (All versions \u003c V7.3 Upd 11), SIMATIC WinCC V7.4 (All versions \u003c V7.4 SP1), SIMIT V9.0 (All versions \u003c V9.0 SP1), SINEMA Remote Connect Client (All versions \u003c V1.0 SP3), SINEMA Server (All versions \u003c V13 SP2), SOFTNET Security Client V5.0 (All versions), Security Configuration Tool (SCT) (All versions \u003c V4.3 HF1), TeleControl Server Basic (All versions \u003c V3.0 SP2), WinAC RTX 2010 SP2 (All versions), WinAC RTX F 2010 SP2 (All versions). Unquoted service paths could allow local Microsoft Windows operating system users to escalate their privileges if the affected products are not installed under their default path (\"C:\\Program Files\\*\" or the localized equivalent)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-313-02",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-313-02"
            },
            {
              "name": "http://securityaffairs.co/wordpress/53266/security/cve-2016-7165-siemens.html",
              "refsource": "MISC",
              "url": "http://securityaffairs.co/wordpress/53266/security/cve-2016-7165-siemens.html"
            },
            {
              "name": "94158",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94158"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-701708.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-701708.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-7165",
    "datePublished": "2016-11-15T19:00:00",
    "dateReserved": "2016-09-08T00:00:00",
    "dateUpdated": "2024-08-06T01:50:47.526Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted