Vulnerability CVE-2020-10049


Published: 2020-09-09

Description:
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). The start-stop scripts for the services of the affected application could allow a local attacker to include arbitrary commands that are executed when services are started or stopped interactively by system administrators.

Type:

CWE-276

(Incorrect Default Permissions)

CVSS2 => (AV:L/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.4/10
6.4/10
3.4/10
Exploit range
Attack complexity
Authentication
Local
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Siemens -> Simatic rtls locating manager 

 References:
https://cert-portal.siemens.com/productcert/pdf/ssa-251935.pdf

Copyright 2024, cxsecurity.com

 

Back to Top