CVE-2020-7580

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 10-06-2020 07:15

Last modified: - 12-04-2022 11:15

Total changes: - 9

Description

A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Upd3), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC ProSave (All versions < V17), SIMATIC S7-1500 Software Controller (All versions < V21.8), SIMATIC STEP 7 (All versions < V5.6 SP2 HF3), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2 Update 4), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMATIC WinCC OA V3.16 (All versions < V3.16 P018), SIMATIC WinCC OA V3.17 (All versions < V3.17 P003), SIMATIC WinCC Runtime Advanced (All versions < V16 Update 2), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2 Update 4), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Update 5), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 3), SINAMICS STARTER (All Versions < V5.4 HF2), SINAMICS Startdrive (All Versions < V16 Update 3), SINEC NMS (All versions < V1.0 SP2), SINEMA Server (All versions < V14 SP3), SINUMERIK ONE virtual (All Versions < V6.14), SINUMERIK Operate (All Versions < V6.14). A component within the affected application regularly calls a helper binary with SYSTEM privileges while the call path is not quoted.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Low

Attack complexity

Local

Attack vector

High

Availability

High

Confidentiality

High

Integrity

High

Privileges required

Unchanged

Scope

None

User interaction

6.7

Base score

0.8

5.9

Exploitability score

Impact score

Verification logic

vendor=siemens AND product=simatic_automatic_tool

vendor=siemens AND product=simatic_net_pc AND versionEndExcluding=16

vendor=siemens AND product=simatic_net_pc AND version=16 AND update=-

vendor=siemens AND product=simatic_net_pc AND version=16 AND update=update1

vendor=siemens AND product=simatic_pcs_7

vendor=siemens AND product=simatic_pcs_neo

vendor=siemens AND product=simatic_prosave

vendor=siemens AND product=simatic_step_7 AND versionEndExcluding=5.6

vendor=siemens AND product=simatic_step_7 AND version=5.6 AND update=-

vendor=siemens AND product=simatic_step_7 AND version=5.6 AND update=sp1

vendor=siemens AND product=simatic_step_7 AND version=5.6 AND update=sp2

vendor=siemens AND product=simatic_step_7 AND version=5.6 AND update=sp2_hotfix1

vendor=siemens AND product=simatic_step_7 AND versionEndIncluding=16 AND versionStartIncluding=13

vendor=siemens AND product=simatic_wincc AND versionEndExcluding=7.4

vendor=siemens AND product=simatic_wincc AND version=7.4 AND update=-

vendor=siemens AND product=simatic_wincc AND version=7.4 AND update=sp1

vendor=siemens AND product=simatic_wincc AND version=7.4 AND update=sp1_update1

vendor=siemens AND product=simatic_wincc AND version=7.4 AND update=sp1_update10

vendor=siemens AND product=simatic_wincc AND version=7.4 AND update=sp1_update11

vendor=siemens AND product=simatic_wincc AND version=7.4 AND update=sp1_update12

vendor=siemens AND product=simatic_wincc AND version=7.4 AND update=sp1_update13

vendor=siemens AND product=simatic_wincc AND version=7.4 AND update=sp1_update2

vendor=siemens AND product=simatic_wincc AND version=7.4 AND update=sp1_update3

vendor=siemens AND product=simatic_wincc AND version=7.4 AND update=sp1_update4

vendor=siemens AND product=simatic_wincc AND version=7.4 AND update=sp1_update5

vendor=siemens AND product=simatic_wincc AND version=7.4 AND update=sp1_update6

vendor=siemens AND product=simatic_wincc AND version=7.4 AND update=sp1_update7

vendor=siemens AND product=simatic_wincc AND version=7.4 AND update=sp1_update8

vendor=siemens AND product=simatic_wincc AND version=7.4 AND update=sp1_update9

vendor=siemens AND product=simatic_wincc AND version=7.5 AND update=-

vendor=siemens AND product=simatic_wincc AND version=7.5 AND update=sp1

vendor=siemens AND product=simatic_wincc AND version=7.5 AND update=sp1_update1

vendor=siemens AND product=simatic_wincc AND version=7.5 AND update=sp1_update2

vendor=siemens AND product=simatic_wincc_open_architecture AND version=3.16

vendor=siemens AND product=simatic_wincc_open_architecture AND version=3.17

vendor=siemens AND product=simatic_wincc_runtime_advanced

vendor=siemens AND product=simatic_wincc_runtime_professional AND versionEndIncluding=16 AND versionStartIncluding=13

vendor=siemens AND product=sinamics_startdrive

vendor=siemens AND product=sinamics_starter_commissioning_tool

vendor=siemens AND product=sinec_network_management_system

vendor=siemens AND product=sinema_server

vendor=siemens AND product=sinumerik_one_virtual

vendor=siemens AND product=sinumerik_operate

AND

vendor=siemens AND product=simatic_s7-150_firmware

vendor=siemens AND product=simatic_s7-150 AND version=-

Reference

Keywords

CVE-2020-7580

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2020-7580

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures