Medium severity5.9NVD Advisory· Published Dec 17, 2016· Updated May 6, 2026

CVE-2016-9159

Description

A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 V6 and earlier CPU family (All versions), SIMATIC S7-400 V7 CPU family (All versions), SIMATIC S7-410 V8 CPU family (All versions), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions). An attacker with network access to port 102/tcp (ISO-TSAP) or via Profibus could obtain credentials from the PLC if protection-level 2 is configured on the affected devices.

Affected products

Siemens Foundation/Simatic S7 300 Cpu Firmware
cpe:2.3:o:siemens:simatic_s7-300_cpu_firmware:-:*:*:*:*:*:*:*
Siemens Foundation/Simatic S7 400 Cpu Firmware
cpe:2.3:o:siemens:simatic_s7-400_cpu_firmware:-:*:*:*:*:*:*:*
Siemens AG/SIMATIC S7-300 CPU familyv5
Range: All versions
Siemens AG/SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)v5
Range: All versions
Siemens AG/SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)v5
Range: All versions
Siemens AG/SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)v5
Range: All versions
Siemens AG/SIMATIC S7-400 V6 and earlier CPU familyv5
Range: All versions
Siemens AG/SIMATIC S7-400 V7 CPU familyv5
Range: All versions
Siemens AG/SIMATIC S7-410 V8 CPU familyv5
Range: All versions
Siemens AG/SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants)v5
Range: All versions

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.384
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000