Vulnerability CVE-2020-7587


Published: 2020-07-14

Description:
A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions), SIMATIC IT Production Suite (All versions), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions), SIMATIC STEP 7 (TIA Portal) V15 (All versions), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES (All versions), Soft Starter ES (All versions). Sending multiple specially crafted packets to the affected service could cause a partial remote Denial-of-Service, that would cause the service to restart itself. On some cases the vulnerability could leak random information from the remote service.

Type:

CWE-400

(Uncontrolled Resource Consumption ('Resource Exhaustion'))

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.4/10
4.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
Partial
Affected software
Siemens -> Opcenter execution discrete 
Siemens -> Opcenter execution foundation 
Siemens -> Opcenter execution process 
Siemens -> Opcenter intelligence 
Siemens -> Opcenter quality 
Siemens -> Opcenter rd\&l 
Siemens -> Simatic it lms 
Siemens -> Simatic it production suite 
Siemens -> Simatic notifier server 
Siemens -> Simatic pcs neo 
Siemens -> Simatic step 7 
Siemens -> Simocode es 
Siemens -> Soft starter es 

 References:
https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf

Copyright 2024, cxsecurity.com

 

Back to Top