Vulnerability: Insecure Cookie Transmission in SIMATIC CP and S7-300/400 PN/DP CPUs

Vulnerability: Insecure Cookie Transmission in SIMATIC CP and S7-300/400 PN/DP CPUs

CVE-2016-8672 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

A vulnerability has been identified in SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.0.53), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.2.17), SIMATIC S7-300 PN/DP CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP CPU family (incl. SIPLUS variants) (All versions). The integrated web server delivers cookies without the "secure" flag. Modern browsers interpreting the flag would mitigate potential data leakage in case of clear text transmission.

Learn more about our Web App Pen Testing.