CVE-2016-7165

Name: CVE-2016-7165
Creator: NVD / NIST
Published: 2016-11-15T19:30:02.797+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.38%

Last modified Jun 17, 2026

CVE-2016-7165 is a vulnerability of currently unknown severity. A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC IT Production Suite (All versions < V7.0 SP1 HFX 2), SIMATIC NET PC-Software (All versions < V14), SIMATIC PCS 7 V7.1 (All versions), SIMATIC PCS 7 V8.0 (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2), SIMATIC STEP 7 V5.X (All versions < V5.5 SP4 HF11), SIMATIC WinCC (TIA Portal) Basic, Comfort, Advanced (All versions < V14), SIMATIC WinCC (TIA Portal) Professional V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) Professional V14 (All versions < V14 SP1), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1), SIMATIC WinCC V7.0 SP2 and earlier versions (All versions < V7.0 SP2 Upd 12), SIMATIC WinCC V7.0 SP3 (All versions < V7.0 SP3 Upd 8), SIMATIC WinCC V7.2 (All versions < V7.2 Upd 14), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 11), SIMATIC WinCC V7.4 (All versions < V7.4 SP1), SIMIT V9.0 (All versions < V9.0 SP1), SINEMA Remote Connect Client (All versions < V1.0 SP3), SINEMA Server (All versions < V13 SP2), SOFTNET Security Client V5.0 (All versions), Security Configuration Tool (SCT) (All versions < V4.3 HF1), TeleControl Server Basic (All versions < V3.0 SP2), WinAC RTX 2010 SP2 (All versions), WinAC RTX F 2010 SP2 (All versions). Unquoted service paths could allow local Microsoft Windows operating system users to escalate their privileges if the affected products are not installed under their default path ("C:\Program Files\*" or the localized equivalent).. EPSS estimates a 0.38% chance of exploitation in the next 30 days.

Description

A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC IT Production Suite (All versions < V7.0 SP1 HFX 2), SIMATIC NET PC-Software (All versions < V14), SIMATIC PCS 7 V7.1 (All versions), SIMATIC PCS 7 V8.0 (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2), SIMATIC STEP 7 V5.X (All versions < V5.5 SP4 HF11), SIMATIC WinCC (TIA Portal) Basic, Comfort, Advanced (All versions < V14), SIMATIC WinCC (TIA Portal) Professional V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) Professional V14 (All versions < V14 SP1), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1), SIMATIC WinCC V7.0 SP2 and earlier versions (All versions < V7.0 SP2 Upd 12), SIMATIC WinCC V7.0 SP3 (All versions < V7.0 SP3 Upd 8), SIMATIC WinCC V7.2 (All versions < V7.2 Upd 14), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 11), SIMATIC WinCC V7.4 (All versions < V7.4 SP1), SIMIT V9.0 (All versions < V9.0 SP1), SINEMA Remote Connect Client (All versions < V1.0 SP3), SINEMA Server (All versions < V13 SP2), SOFTNET Security Client V5.0 (All versions), Security Configuration Tool (SCT) (All versions < V4.3 HF1), TeleControl Server Basic (All versions < V3.0 SP2), WinAC RTX 2010 SP2 (All versions), WinAC RTX F 2010 SP2 (All versions). Unquoted service paths could allow local Microsoft Windows operating system users to escalate their privileges if the affected products are not installed under their default path ("C:\Program Files\*" or the localized equivalent).

Metrics

EPSS Probability

0.38%

29.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions	Update
Siemens	Primary Setup Tool	All versions	—
Siemens	Security Configuration Tool	All versions	—
Siemens	Simatic It Production Suite	All versions	—
Siemens	Simatic Net Pc Software	<= 14.0	—
Siemens	Simatic Pcs 7	<= 7.1	—
Siemens	Simatic Pcs7	8.0	—
Siemens	Simatic Pcs7	8.1	—
Siemens	Simatic Pcs7	8.2	—
Siemens	Simatic Step 7	<= 5.5	Sp4
Siemens	Simatic Step 7 \(Tia Portal\)	<= 14.0	—
Siemens	Simatic Winac Rtx 2010	All versions	—
Siemens	Simatic Winac Rtx F 2010	All versions	—
Siemens	Simatic Wincc	<= 7.0	Sp2
Siemens	Simatic Wincc	7.0	Sp3
Siemens	Simatic Wincc	7.2	—
Siemens	Simatic Wincc	7.3	—
Siemens	Simatic Wincc	7.4	—
Siemens	Simatic Wincc \(Tia Portal\)	<= 14.0	—
Siemens	Simatic Wincc \(Tia Portal\)	All versions	—
Siemens	Simatic Wincc Runtime	All versions	—
Siemens	Simit	9.0	—
Siemens	Sinema Remote Connect	All versions	—
Siemens	Sinema Server	<= 13.0	Sp2
Siemens	Softnet Security Client	<= 5.0	—
Siemens	Telecontrol Basic	<= 3.0	Sp2

References

http://securityaffairs.co/wordpress/53266/security/cve-2016-7165-siemens.htmlThird Party Advisory
http://www.securityfocus.com/bid/94158Third Party Advisory, VDB Entry
https://cert-portal.siemens.com/productcert/pdf/ssa-701708.pdf
https://ics-cert.us-cert.gov/advisories/ICSA-16-313-02Third Party Advisory, US Government Resource
http://securityaffairs.co/wordpress/53266/security/cve-2016-7165-siemens.htmlThird Party Advisory
http://www.securityfocus.com/bid/94158Third Party Advisory, VDB Entry
https://cert-portal.siemens.com/productcert/pdf/ssa-701708.pdf
https://ics-cert.us-cert.gov/advisories/ICSA-16-313-02Third Party Advisory, US Government Resource

Timeline

Published: Nov 15, 2016
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2016-7165?

How severe is CVE-2016-7165?

Severity scoring for CVE-2016-7165 is pending analysis. The EPSS model estimates a 0.38% probability of exploitation in the next 30 days.

How do I fix CVE-2016-7165?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2016-7165?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST