Vulnerability CVE-2020-7580


Published: 2020-06-10

Description:
A vulnerability has been identified in SIMATIC Automation Tool (All versions), SIMATIC NET PC software (All versions V16 < V16 Upd3), SIMATIC PCS 7 (All versions), SIMATIC PCS neo (All versions), SIMATIC ProSave (All versions), SIMATIC S7-1500 Software Controller (All versions), SIMATIC STEP 7 (All versions < V5.6 SP2 HF3), SIMATIC STEP 7 (TIA Portal) V13 (All versions), SIMATIC STEP 7 (TIA Portal) V14 (All versions), SIMATIC STEP 7 (TIA Portal) V15 (All versions), SIMATIC STEP 7 (TIA Portal) V16 (All versions), SIMATIC WinCC OA V3.16 (All versions < P018), SIMATIC WinCC OA V3.17 (All versions < P003), SIMATIC WinCC Runtime Advanced (All versions), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions), SIMATIC WinCC Runtime Professional V15 (All versions), SIMATIC WinCC Runtime Professional V16 (All versions), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 3), SINAMICS STARTER commissioning tool (All versions), SINAMICS Startdrive (All versions), SINEC NMS (All versions), SINEMA Server (All versions), SINUMERIK ONE virtual (All versions), SINUMERIK Operate (All versions). A component within the affected application regularly calls a helper binary with SYSTEM privileges while the call path is not quoted.

Type:

CWE-428

(Unquoted Search Path or Element)

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.2/10
10/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Siemens -> Simatic automatic tool 
Siemens -> Simatic net pc 
Siemens -> Simatic pcs 7 
Siemens -> Simatic pcs neo 
Siemens -> Simatic prosave 
Siemens -> Simatic step 7 
Siemens -> Simatic wincc 
Siemens -> Simatic wincc open architecture 
Siemens -> Simatic wincc runtime advanced 
Siemens -> Simatic wincc runtime professional 
Siemens -> Sinamics startdrive 
Siemens -> Sinamics starter commissioning tool 
Siemens -> Sinec network management system 
Siemens -> Sinema server 
Siemens -> Sinumerik one virtual 
Siemens -> Sinumerik operate 

 References:
https://cert-portal.siemens.com/productcert/pdf/ssa-312271.pdf
https://www.us-cert.gov/ics/advisories/icsa-20-161-04

Copyright 2020, cxsecurity.com

 

Back to Top