Medium severity5.3NVD Advisory· Published Nov 23, 2016· Updated May 6, 2026

CVE-2016-8672

Description

A vulnerability has been identified in SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.0.53), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.2.17), SIMATIC S7-300 PN/DP CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP CPU family (incl. SIPLUS variants) (All versions). The integrated web server delivers cookies without the "secure" flag. Modern browsers interpreting the flag would mitigate potential data leakage in case of clear text transmission.

Affected products

Siemens Foundation/Simatic Cp 343 1 Firmware
cpe:2.3:o:siemens:simatic_cp_343-1_firmware:-:*:*:*:advanced:*:*:*
Siemens Foundation/Simatic Cp 443 1 Firmware
cpe:2.3:o:siemens:simatic_cp_443-1_firmware:-:*:*:*:advanced:*:*:*
Siemens Foundation/Simatic S7 300 Cpu Firmware
cpe:2.3:o:siemens:simatic_s7_300_cpu_firmware:-:*:*:*:*:*:*:*
Siemens Foundation/Simatic S7 400 Cpu Firmware
cpe:2.3:o:siemens:simatic_s7_400_cpu_firmware:-:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

cert-portal.siemens.com/productcert/pdf/ssa-603476.pdfnvd

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000