CVE-2016-9159

CVE-2016-9159

Vendor Siemens Ag
Product SIMATIC S7-300 CPU family
Weakness CWE-200 · Info exposure
Published December 17, 2016
Last update June 2, 2026
View on NVD All CVEs

CVSS base score

What the vulnerability does

01Description

A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 V6 and earlier CPU family (All versions), SIMATIC S7-400 V7 CPU family (All versions), SIMATIC S7-410 V8 CPU family (All versions), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions). An attacker with network access to port 102/tcp (ISO-TSAP) or via Profibus could obtain credentials from the PLC if protection-level 2 is configured on the affected devices.

Key dates

02Disclosure timeline

December 17, 2016 CVE published
June 2, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-45391 Tina search token leak via lock file in TinaCMS CVE-2023-38245 Adobe Acrobat Reader DC ActiveX Control (AxAcroPDFLib.AxAcroPDF) src NTLMv2 SSO Hash Theft Vulnerability CVE-2024-20490 Cisco Nexus Dashboard Fabric Controller and Nexus Dashboard Orchestrator Information Disclosure Vulnerability CVE-2024-26063 Adobe Experience Manager | Information Exposure (CWE-200) CVE-2020-36850 Sitecore JSS React Sample Application 11.0.0 - 14.0.1 Information Disclosure