Vulnerability CVE-2020-7581


Published: 2020-07-14

Description:
A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions), SIMATIC STEP 7 (TIA Portal) V15 (All versions), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES (All versions), Soft Starter ES (All versions). A component within the affected application calls a helper binary with SYSTEM privileges during startup while the call path is not quoted.

Type:

CWE-428

(Unquoted Search Path or Element)

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.2/10
10/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Siemens -> Opcenter execution discrete 
Siemens -> Opcenter execution foundation 
Siemens -> Opcenter execution process 
Siemens -> Opcenter intelligence 
Siemens -> Opcenter quality 
Siemens -> Opcenter rd\&l 
Siemens -> Simatic notifier server 
Siemens -> Simatic pcs neo 
Siemens -> Simatic step 7 
Siemens -> Simocode es 
Siemens -> Soft starter es 

 References:
https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf

Copyright 2024, cxsecurity.com

 

Back to Top