CVE-2020-7580

CVSS V2 High 7.2 CVSS V3 Medium 6.7
Description
A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Upd3), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC ProSave (All versions < V17), SIMATIC S7-1500 Software Controller (All versions < V21.8), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2 Update 4), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMATIC STEP 7 V5 (All versions < V5.6 SP2 HF3), SIMATIC WinCC OA V3.16 (All versions < V3.16 P018), SIMATIC WinCC OA V3.17 (All versions < V3.17 P003), SIMATIC WinCC Runtime Advanced (All versions < V16 Update 2), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2 Update 4), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Update 5), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 3), SINAMICS STARTER (All Versions < V5.4 HF2), SINAMICS Startdrive (All Versions < V16 Update 3), SINEC NMS (All versions < V1.0 SP2), SINEMA Server (All versions < V14 SP3), SINUMERIK ONE virtual (All Versions < V6.14), SINUMERIK Operate (All Versions < V6.14). A common component used by the affected applications regularly calls a helper binary with SYSTEM privileges while the call path is not quoted. This could allow a local attacker to execute arbitrary code with SYTEM privileges.
Overview
  • CVE ID
  • CVE-2020-7580
  • Assigner
  • productcert@siemens.com
  • Vulnerability Status
  • Modified
  • Published Version
  • 2020-06-10T17:15:12
  • Last Modified Date
  • 2022-12-13T17:15:13
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:a:siemens:simatic_automatic_tool:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:siemens:simatic_net_pc:*:*:*:*:*:*:*:* 1 OR 16
cpe:2.3:a:siemens:simatic_net_pc:16:-:*:*:*:*:*:* 1 OR
cpe:2.3:a:siemens:simatic_net_pc:16:update1:*:*:*:*:*:* 1 OR
cpe:2.3:a:siemens:simatic_pcs_7:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:siemens:simatic_pcs_neo:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:siemens:simatic_prosave:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:siemens:simatic_step_7:*:*:*:*:*:*:*:* 1 OR 5.6
cpe:2.3:a:siemens:simatic_step_7:*:*:*:*:*:*:*:* 1 OR 13 16
cpe:2.3:a:siemens:simatic_step_7:5.6:-:*:*:*:*:*:* 1 OR
cpe:2.3:a:siemens:simatic_step_7:5.6:sp1:*:*:*:*:*:* 1 OR
cpe:2.3:a:siemens:simatic_step_7:5.6:sp2:*:*:*:*:*:* 1 OR
cpe:2.3:a:siemens:simatic_step_7:5.6:sp2_hotfix1:*:*:*:*:*:* 1 OR
cpe:2.3:a:siemens:simatic_wincc:*:*:*:*:*:*:*:* 1 OR 7.4
cpe:2.3:a:siemens:simatic_wincc:7.4:-:*:*:*:*:*:* 1 OR
cpe:2.3:a:siemens:simatic_wincc:7.4:sp1:*:*:*:*:*:* 1 OR
cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update1:*:*:*:*:*:* 1 OR
cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update10:*:*:*:*:*:* 1 OR
cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update11:*:*:*:*:*:* 1 OR
cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update12:*:*:*:*:*:* 1 OR
cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update13:*:*:*:*:*:* 1 OR
cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update2:*:*:*:*:*:* 1 OR
cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update3:*:*:*:*:*:* 1 OR
cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update4:*:*:*:*:*:* 1 OR
cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update5:*:*:*:*:*:* 1 OR
cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update6:*:*:*:*:*:* 1 OR
cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update7:*:*:*:*:*:* 1 OR
cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update8:*:*:*:*:*:* 1 OR
cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update9:*:*:*:*:*:* 1 OR
cpe:2.3:a:siemens:simatic_wincc:7.5:-:*:*:*:*:*:* 1 OR
cpe:2.3:a:siemens:simatic_wincc:7.5:sp1:*:*:*:*:*:* 1 OR
cpe:2.3:a:siemens:simatic_wincc:7.5:sp1_update1:*:*:*:*:*:* 1 OR
cpe:2.3:a:siemens:simatic_wincc:7.5:sp1_update2:*:*:*:*:*:* 1 OR
cpe:2.3:a:siemens:simatic_wincc_open_architecture:3.16:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:siemens:simatic_wincc_open_architecture:3.17:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:siemens:simatic_wincc_runtime_advanced:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:siemens:simatic_wincc_runtime_professional:*:*:*:*:*:*:*:* 1 OR 13 16
cpe:2.3:a:siemens:sinamics_startdrive:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:siemens:sinamics_starter_commissioning_tool:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:siemens:sinec_network_management_system:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:siemens:sinema_server:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:siemens:sinumerik_one_virtual:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:siemens:sinumerik_operate:*:*:*:*:*:*:*:* 1 OR
AND
cpe:2.3:o:siemens:simatic_s7-150_firmware:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:siemens:simatic_s7-150:-:*:*:*:*:*:*:* 0 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:L/AC:L/Au:N/C:C/I:C/A:C
  • Access Vector
  • LOCAL
  • Access Compatibility
  • LOW
  • Authentication
  • NONE
  • Confidentiality Impact
  • COMPLETE
  • Integrity Impact
  • COMPLETE
  • Availability Impact
  • COMPLETE
  • Base Score
  • 7.2
  • Severity
  • HIGH
  • Exploitability Score
  • 3.9
  • Impact Score
  • 10
CVSS Version 3
  • Version
  • 3.1
  • Vector String
  • CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Attack Vector
  • LOCAL
  • Attack Compatibility
  • LOW
  • Privileges Required
  • HIGH
  • User Interaction
  • NONE
  • Scope
  • UNCHANGED
  • Confidentiality Impact
  • HIGH
  • Availability Impact
  • HIGH
  • Base Score
  • 6.7
  • Base Severity
  • MEDIUM
  • Exploitability Score
  • 0.8
  • Impact Score
  • 5.9
References
Reference URL Reference Tags
https://cert-portal.siemens.com/productcert/pdf/ssa-312271.pdf Vendor Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-20-161-04 Third Party Advisory US Government Resource
History
Created Old Value New Value Data Type Notes
2022-05-10 15:43:39 Added to TrackCVE
2022-12-04 17:49:15 2020-06-10T17:15Z 2020-06-10T17:15:12 CVE Published Date updated
2022-12-04 17:49:15 2022-04-12T09:15:10 CVE Modified Date updated
2022-12-04 17:49:15 Modified Vulnerability Status updated
2022-12-13 17:11:43 2022-12-13T16:15:14 CVE Modified Date updated
2022-12-13 17:11:44 A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Upd3), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC ProSave (All versions < V17), SIMATIC S7-1500 Software Controller (All versions < V21.8), SIMATIC STEP 7 (All versions < V5.6 SP2 HF3), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2 Update 4), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMATIC WinCC OA V3.16 (All versions < V3.16 P018), SIMATIC WinCC OA V3.17 (All versions < V3.17 P003), SIMATIC WinCC Runtime Advanced (All versions < V16 Update 2), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2 Update 4), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Update 5), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 3), SINAMICS STARTER (All Versions < V5.4 HF2), SINAMICS Startdrive (All Versions < V16 Update 3), SINEC NMS (All versions < V1.0 SP2), SINEMA Server (All versions < V14 SP3), SINUMERIK ONE virtual (All Versions < V6.14), SINUMERIK Operate (All Versions < V6.14). A component within the affected application regularly calls a helper binary with SYSTEM privileges while the call path is not quoted. A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Upd3), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC ProSave (All versions < V17), SIMATIC S7-1500 Software Controller (All versions < V21.8), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2 Update 4), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMATIC STEP 7 V5 (All versions < V5.6 SP2 HF3), SIMATIC WinCC OA V3.16 (All versions < V3.16 P018), SIMATIC WinCC OA V3.17 (All versions < V3.17 P003), SIMATIC WinCC Runtime Advanced (All versions < V16 Update 2), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2 Update 4), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Update 5), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 3), SINAMICS STARTER (All Versions < V5.4 HF2), SINAMICS Startdrive (All Versions < V16 Update 3), SINEC NMS (All versions < V1.0 SP2), SINEMA Server (All versions < V14 SP3), SINUMERIK ONE virtual (All Versions < V6.14), SINUMERIK Operate (All Versions < V6.14). A common component used by the affected applications regularly calls a helper binary with SYSTEM privileges while the call path is not quoted. This could allow a local attacker to execute arbitrary code with SYTEM privileges. Description updated
2022-12-13 18:12:28 2022-12-13T17:15:13 CVE Modified Date updated
2022-12-13 18:12:29 A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Upd3), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC ProSave (All versions < V17), SIMATIC S7-1500 Software Controller (All versions < V21.8), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2 Update 4), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMATIC STEP 7 V5 (All versions < V5.6 SP2 HF3), SIMATIC WinCC OA V3.16 (All versions < V3.16 P018), SIMATIC WinCC OA V3.17 (All versions < V3.17 P003), SIMATIC WinCC Runtime Advanced (All versions < V16 Update 2), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2 Update 4), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Update 5), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 3), SINAMICS STARTER (All Versions < V5.4 HF2), SINAMICS Startdrive (All Versions < V16 Update 3), SINEC NMS (All versions < V1.0 SP2), SINEMA Server (All versions < V14 SP3), SINUMERIK ONE virtual (All Versions < V6.14), SINUMERIK Operate (All Versions < V6.14). A common component used by the affected applications regularly calls a helper binary with SYSTEM privileges while the call path is not quoted. This could allow a local attacker to execute arbitrary code with SYTEM privileges. A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Upd3), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC ProSave (All versions < V17), SIMATIC S7-1500 Software Controller (All versions < V21.8), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2 Update 4), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMATIC STEP 7 V5 (All versions < V5.6 SP2 HF3), SIMATIC WinCC OA V3.16 (All versions < V3.16 P018), SIMATIC WinCC OA V3.17 (All versions < V3.17 P003), SIMATIC WinCC Runtime Advanced (All versions < V16 Update 2), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2 Update 4), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Update 5), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 3), SINAMICS STARTER (All Versions < V5.4 HF2), SINAMICS Startdrive (All Versions < V16 Update 3), SINEC NMS (All versions < V1.0 SP2), SINEMA Server (All versions < V14 SP3), SINUMERIK ONE virtual (All Versions < V6.14), SINUMERIK Operate (All Versions < V6.14). A common component used by the affected applications regularly calls a helper binary with SYSTEM privileges while the call path is not quoted. This could allow a local attacker to execute arbitrary code with SYTEM privileges. Description updated