CVE-2020-7580
N/A
Summary
A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Upd3), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC ProSave (All versions < V17), SIMATIC S7-1500 Software Controller (All versions < V21.8), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2 Update 4), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMATIC STEP 7 V5 (All versions < V5.6 SP2 HF3), SIMATIC WinCC OA V3.16 (All versions < V3.16 P018), SIMATIC WinCC OA V3.17 (All versions < V3.17 P003), SIMATIC WinCC Runtime Advanced (All versions < V16 Update 2), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2 Update 4), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Update 5), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 3), SINAMICS STARTER (All Versions < V5.4 HF2), SINAMICS Startdrive (All Versions < V16 Update 3), SINEC NMS (All versions < V1.0 SP2), SINEMA Server (All versions < V14 SP3), SINUMERIK ONE virtual (All Versions < V6.14), SINUMERIK Operate (All Versions < V6.14). A common component used by the affected applications regularly calls a helper binary with SYSTEM privileges while the call path is not quoted. This could allow a local attacker to execute arbitrary code with SYTEM privileges.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Siemens | SIMATIC Automation Tool | All versions < V4 SP2 | affected |
| Siemens | SIMATIC NET PC Software V14 | All versions < V14 SP1 Update 14 | affected |
| Siemens | SIMATIC NET PC Software V15 | All versions | affected |
| Siemens | SIMATIC NET PC Software V16 | All versions < V16 Upd3 | affected |
| Siemens | SIMATIC PCS neo | All versions < V3.0 SP1 | affected |
| Siemens | SIMATIC ProSave | All versions < V17 | affected |
| Siemens | SIMATIC S7-1500 Software Controller | All versions < V21.8 | affected |
| Siemens | SIMATIC STEP 7 (TIA Portal) V13 | All versions < V13 SP2 Update 4 | affected |
| Siemens | SIMATIC STEP 7 (TIA Portal) V14 | All versions < V14 SP1 Update 10 | affected |
| Siemens | SIMATIC STEP 7 (TIA Portal) V15 | All versions < V15.1 Update 5 | affected |
| Siemens | SIMATIC STEP 7 (TIA Portal) V16 | All versions < V16 Update 2 | affected |
| Siemens | SIMATIC STEP 7 V5 | All versions < V5.6 SP2 HF3 | affected |
| Siemens | SIMATIC WinCC OA V3.16 | All versions < V3.16 P018 | affected |
| Siemens | SIMATIC WinCC OA V3.17 | All versions < V3.17 P003 | affected |
| Siemens | SIMATIC WinCC Runtime Advanced | All versions < V16 Update 2 | affected |
| Siemens | SIMATIC WinCC Runtime Professional V13 | All versions < V13 SP2 Update 4 | affected |
| Siemens | SIMATIC WinCC Runtime Professional V14 | All versions < V14 SP1 Update 10 | affected |
| Siemens | SIMATIC WinCC Runtime Professional V15 | All versions < V15.1 Update 5 | affected |
| Siemens | SIMATIC WinCC Runtime Professional V16 | All versions < V16 Update 2 | affected |
| Siemens | SIMATIC WinCC V7.4 | All versions < V7.4 SP1 Update 14 | affected |
| Siemens | SIMATIC WinCC V7.5 | All versions < V7.5 SP1 Update 3 | affected |
| Siemens | SINAMICS STARTER | All Versions < V5.4 HF2 | affected |
| Siemens | SINAMICS Startdrive | All Versions < V16 Update 3 | affected |
| Siemens | SINEC NMS | All versions < V1.0 SP2 | affected |
| Siemens | SINEMA Server | All versions < V14 SP3 | affected |
| Siemens | SINUMERIK ONE virtual | All Versions < V6.14 | affected |
| Siemens | SINUMERIK Operate | All Versions < V6.14 | affected |
Weaknesses
- CWE-428: CWE-428: Unquoted Search Path or Element
ADP Enrichment
CVE Program Container
Additional References
- https://cert-portal.siemens.com/productcert/pdf/ssa-312271.pdf
- https://us-cert.cisa.gov/ics/advisories/icsa-20-161-04
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-312271.pdf
- https://us-cert.cisa.gov/ics/advisories/icsa-20-161-04
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.