Vulnerabilites related to Siemens - Opcenter Execution Foundation
cve-2020-7587
Vulnerability from cvelistv5
Published
2020-07-14 13:18
Modified
2024-08-04 09:33
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions < V2.6), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). Sending multiple specially crafted packets to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself. On some cases the vulnerability could leak random information from the remote service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Opcenter Execution Discrete |
Version: All versions < V3.2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T09:33:19.877Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Opcenter Execution Discrete", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.2", }, ], }, { product: "Opcenter Execution Foundation", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.2", }, ], }, { product: "Opcenter Execution Process", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.2", }, ], }, { product: "Opcenter Intelligence", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.3", }, ], }, { product: "Opcenter Quality", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V11.3", }, ], }, { product: "Opcenter RD&L", vendor: "Siemens", versions: [ { status: "affected", version: "V8.0", }, ], }, { product: "SIMATIC IT LMS", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.6", }, ], }, { product: "SIMATIC IT Production Suite", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V8.0", }, ], }, { product: "SIMATIC Notifier Server for Windows", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { product: "SIMATIC PCS neo", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.0 SP1", }, ], }, { product: "SIMATIC STEP 7 (TIA Portal) V15", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V15.1 Update 5", }, ], }, { product: "SIMATIC STEP 7 (TIA Portal) V16", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V16 Update 2", }, ], }, { product: "SIMOCODE ES V15.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V15.1 Update 4", }, ], }, { product: "SIMOCODE ES V16", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V16 Update 1", }, ], }, { product: "Soft Starter ES V15.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V15.1 Update 3", }, ], }, { product: "Soft Starter ES V16", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V16 Update 1", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions < V2.6), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). Sending multiple specially crafted packets to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself. On some cases the vulnerability could leak random information from the remote service.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400: Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-08-10T11:16:51", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "productcert@siemens.com", ID: "CVE-2020-7587", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Opcenter Execution Discrete", version: { version_data: [ { version_value: "All versions < V3.2", }, ], }, }, { product_name: "Opcenter Execution Foundation", version: { version_data: [ { version_value: "All versions < V3.2", }, ], }, }, { product_name: "Opcenter Execution Process", version: { version_data: [ { version_value: "All versions < V3.2", }, ], }, }, { product_name: "Opcenter Intelligence", version: { version_data: [ { version_value: "All versions < V3.3", }, ], }, }, { product_name: "Opcenter Quality", version: { version_data: [ { version_value: "All versions < V11.3", }, ], }, }, { product_name: "Opcenter RD&L", version: { version_data: [ { version_value: "V8.0", }, ], }, }, { product_name: "SIMATIC IT LMS", version: { version_data: [ { version_value: "All versions < V2.6", }, ], }, }, { product_name: "SIMATIC IT Production Suite", version: { version_data: [ { version_value: "All versions < V8.0", }, ], }, }, { product_name: "SIMATIC Notifier Server for Windows", version: { version_data: [ { version_value: "All versions", }, ], }, }, { product_name: "SIMATIC PCS neo", version: { version_data: [ { version_value: "All versions < V3.0 SP1", }, ], }, }, { product_name: "SIMATIC STEP 7 (TIA Portal) V15", version: { version_data: [ { version_value: "All versions < V15.1 Update 5", }, ], }, }, { product_name: "SIMATIC STEP 7 (TIA Portal) V16", version: { version_data: [ { version_value: "All versions < V16 Update 2", }, ], }, }, { product_name: "SIMOCODE ES V15.1", version: { version_data: [ { version_value: "All versions < V15.1 Update 4", }, ], }, }, { product_name: "SIMOCODE ES V16", version: { version_data: [ { version_value: "All versions < V16 Update 1", }, ], }, }, { product_name: "Soft Starter ES V15.1", version: { version_data: [ { version_value: "All versions < V15.1 Update 3", }, ], }, }, { product_name: "Soft Starter ES V16", version: { version_data: [ { version_value: "All versions < V16 Update 1", }, ], }, }, ], }, vendor_name: "Siemens", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions < V2.6), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). Sending multiple specially crafted packets to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself. On some cases the vulnerability could leak random information from the remote service.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-400: Uncontrolled Resource Consumption", }, ], }, ], }, references: { reference_data: [ { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf", refsource: "MISC", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2020-7587", datePublished: "2020-07-14T13:18:05", dateReserved: "2020-01-21T00:00:00", dateUpdated: "2024-08-04T09:33:19.877Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-46282
Vulnerability from cvelistv5
Published
2023-12-12 11:27
Modified
2025-01-14 10:29
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected applications that could allow an attacker to inject arbitrary JavaScript code. The code could be potentially executed later by another (possibly privileged) user.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Opcenter Execution Foundation |
Version: 0 < V2407 |
|||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T20:37:40.314Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-999588.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Opcenter Execution Foundation", vendor: "Siemens", versions: [ { lessThan: "V2407", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Opcenter Quality", vendor: "Siemens", versions: [ { lessThan: "V2312", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC PCS neo", vendor: "Siemens", versions: [ { lessThan: "V4.1", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SINEC NMS", vendor: "Siemens", versions: [ { lessThan: "V2.0 SP1", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Totally Integrated Automation Portal (TIA Portal) V14", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Totally Integrated Automation Portal (TIA Portal) V15.1", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Totally Integrated Automation Portal (TIA Portal) V16", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Totally Integrated Automation Portal (TIA Portal) V17", vendor: "Siemens", versions: [ { lessThan: "V17 Update 8", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Totally Integrated Automation Portal (TIA Portal) V18", vendor: "Siemens", versions: [ { lessThan: "V18 Update 3", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected applications that could allow an attacker to inject arbitrary JavaScript code. The code could be potentially executed later by another (possibly privileged) user.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-14T10:29:51.618Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-999588.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-46282", datePublished: "2023-12-12T11:27:13.134Z", dateReserved: "2023-10-20T10:29:46.260Z", dateUpdated: "2025-01-14T10:29:51.618Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49775
Vulnerability from cvelistv5
Published
2024-12-16 15:06
Modified
2025-03-12 16:34
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Opcenter Execution Foundation (All versions), Opcenter Intelligence (All versions), Opcenter Quality (All versions), Opcenter RDL (All versions), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 3), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SINEC NMS (All versions if operated in conjunction with UMC < V2.15), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component.
This could allow an unauthenticated remote attacker to execute arbitrary code.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Opcenter Execution Foundation |
Version: 0 < * |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49775", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-12-16T16:33:33.058713Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-12T16:34:51.664Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Opcenter Execution Foundation", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Opcenter Intelligence", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Opcenter Quality", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Opcenter RDL", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC PCS neo V4.0", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC PCS neo V4.1", vendor: "Siemens", versions: [ { lessThan: "V4.1 Update 3", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC PCS neo V5.0", vendor: "Siemens", versions: [ { lessThan: "V5.0 Update 1", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SINEC NMS", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Totally Integrated Automation Portal (TIA Portal) V16", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Totally Integrated Automation Portal (TIA Portal) V17", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Totally Integrated Automation Portal (TIA Portal) V18", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Totally Integrated Automation Portal (TIA Portal) V19", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Opcenter Execution Foundation (All versions), Opcenter Intelligence (All versions), Opcenter Quality (All versions), Opcenter RDL (All versions), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 3), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SINEC NMS (All versions if operated in conjunction with UMC < V2.15), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component.\r\nThis could allow an unauthenticated remote attacker to execute arbitrary code.", }, ], metrics: [ { cvssV3_1: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, { cvssV4_0: { baseScore: 9.3, baseSeverity: "CRITICAL", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T09:47:57.415Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-928984.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-49775", datePublished: "2024-12-16T15:06:04.714Z", dateReserved: "2024-10-18T14:25:05.725Z", dateUpdated: "2025-03-12T16:34:51.664Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-7588
Vulnerability from cvelistv5
Published
2020-07-14 13:18
Modified
2024-08-04 09:33
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions < V2.6), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). Sending a specially crafted packet to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Opcenter Execution Discrete |
Version: All versions < V3.2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T09:33:19.850Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Opcenter Execution Discrete", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.2", }, ], }, { product: "Opcenter Execution Foundation", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.2", }, ], }, { product: "Opcenter Execution Process", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.2", }, ], }, { product: "Opcenter Intelligence", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.3", }, ], }, { product: "Opcenter Quality", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V11.3", }, ], }, { product: "Opcenter RD&L", vendor: "Siemens", versions: [ { status: "affected", version: "V8.0", }, ], }, { product: "SIMATIC IT LMS", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.6", }, ], }, { product: "SIMATIC IT Production Suite", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V8.0", }, ], }, { product: "SIMATIC Notifier Server for Windows", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { product: "SIMATIC PCS neo", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.0 SP1", }, ], }, { product: "SIMATIC STEP 7 (TIA Portal) V15", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V15.1 Update 5", }, ], }, { product: "SIMATIC STEP 7 (TIA Portal) V16", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V16 Update 2", }, ], }, { product: "SIMOCODE ES V15.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V15.1 Update 4", }, ], }, { product: "SIMOCODE ES V16", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V16 Update 1", }, ], }, { product: "Soft Starter ES V15.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V15.1 Update 3", }, ], }, { product: "Soft Starter ES V16", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V16 Update 1", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions < V2.6), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). Sending a specially crafted packet to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20: Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-08-10T11:16:56", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "productcert@siemens.com", ID: "CVE-2020-7588", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Opcenter Execution Discrete", version: { version_data: [ { version_value: "All versions < V3.2", }, ], }, }, { product_name: "Opcenter Execution Foundation", version: { version_data: [ { version_value: "All versions < V3.2", }, ], }, }, { product_name: "Opcenter Execution Process", version: { version_data: [ { version_value: "All versions < V3.2", }, ], }, }, { product_name: "Opcenter Intelligence", version: { version_data: [ { version_value: "All versions < V3.3", }, ], }, }, { product_name: "Opcenter Quality", version: { version_data: [ { version_value: "All versions < V11.3", }, ], }, }, { product_name: "Opcenter RD&L", version: { version_data: [ { version_value: "V8.0", }, ], }, }, { product_name: "SIMATIC IT LMS", version: { version_data: [ { version_value: "All versions < V2.6", }, ], }, }, { product_name: "SIMATIC IT Production Suite", version: { version_data: [ { version_value: "All versions < V8.0", }, ], }, }, { product_name: "SIMATIC Notifier Server for Windows", version: { version_data: [ { version_value: "All versions", }, ], }, }, { product_name: "SIMATIC PCS neo", version: { version_data: [ { version_value: "All versions < V3.0 SP1", }, ], }, }, { product_name: "SIMATIC STEP 7 (TIA Portal) V15", version: { version_data: [ { version_value: "All versions < V15.1 Update 5", }, ], }, }, { product_name: "SIMATIC STEP 7 (TIA Portal) V16", version: { version_data: [ { version_value: "All versions < V16 Update 2", }, ], }, }, { product_name: "SIMOCODE ES V15.1", version: { version_data: [ { version_value: "All versions < V15.1 Update 4", }, ], }, }, { product_name: "SIMOCODE ES V16", version: { version_data: [ { version_value: "All versions < V16 Update 1", }, ], }, }, { product_name: "Soft Starter ES V15.1", version: { version_data: [ { version_value: "All versions < V15.1 Update 3", }, ], }, }, { product_name: "Soft Starter ES V16", version: { version_data: [ { version_value: "All versions < V16 Update 1", }, ], }, }, ], }, vendor_name: "Siemens", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions < V2.6), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). Sending a specially crafted packet to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-20: Improper Input Validation", }, ], }, ], }, references: { reference_data: [ { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf", refsource: "MISC", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2020-7588", datePublished: "2020-07-14T13:18:05", dateReserved: "2020-01-21T00:00:00", dateUpdated: "2024-08-04T09:33:19.850Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-46285
Vulnerability from cvelistv5
Published
2023-12-12 11:27
Modified
2025-01-14 10:29
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an improper input validation vulnerability that could allow an attacker to bring the service into a Denial-of-Service state by sending a specifically crafted message to 4004/tcp. The corresponding service is auto-restarted after the crash is detected by a watchdog.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Opcenter Execution Foundation |
Version: 0 < V2407 |
|||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T20:45:40.610Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-999588.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Opcenter Execution Foundation", vendor: "Siemens", versions: [ { lessThan: "V2407", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Opcenter Quality", vendor: "Siemens", versions: [ { lessThan: "V2312", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC PCS neo", vendor: "Siemens", versions: [ { lessThan: "V4.1", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SINEC NMS", vendor: "Siemens", versions: [ { lessThan: "V2.0 SP1", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Totally Integrated Automation Portal (TIA Portal) V14", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Totally Integrated Automation Portal (TIA Portal) V15.1", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Totally Integrated Automation Portal (TIA Portal) V16", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Totally Integrated Automation Portal (TIA Portal) V17", vendor: "Siemens", versions: [ { lessThan: "V17 Update 8", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Totally Integrated Automation Portal (TIA Portal) V18", vendor: "Siemens", versions: [ { lessThan: "V18 Update 3", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an improper input validation vulnerability that could allow an attacker to bring the service into a Denial-of-Service state by sending a specifically crafted message to 4004/tcp. The corresponding service is auto-restarted after the crash is detected by a watchdog.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20: Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-14T10:29:55.697Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-999588.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-46285", datePublished: "2023-12-12T11:27:17.080Z", dateReserved: "2023-10-20T10:29:46.260Z", dateUpdated: "2025-01-14T10:29:55.697Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-46284
Vulnerability from cvelistv5
Published
2023-12-12 11:27
Modified
2025-01-14 10:29
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp and 4004/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Opcenter Execution Foundation |
Version: 0 < V2407 |
|||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T20:45:40.702Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-999588.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Opcenter Execution Foundation", vendor: "Siemens", versions: [ { lessThan: "V2407", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Opcenter Quality", vendor: "Siemens", versions: [ { lessThan: "V2312", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC PCS neo", vendor: "Siemens", versions: [ { lessThan: "V4.1", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SINEC NMS", vendor: "Siemens", versions: [ { lessThan: "V2.0 SP1", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Totally Integrated Automation Portal (TIA Portal) V14", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Totally Integrated Automation Portal (TIA Portal) V15.1", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Totally Integrated Automation Portal (TIA Portal) V16", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Totally Integrated Automation Portal (TIA Portal) V17", vendor: "Siemens", versions: [ { lessThan: "V17 Update 8", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Totally Integrated Automation Portal (TIA Portal) V18", vendor: "Siemens", versions: [ { lessThan: "V18 Update 3", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp and 4004/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-120", description: "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-14T10:29:54.329Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-999588.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-46284", datePublished: "2023-12-12T11:27:15.737Z", dateReserved: "2023-10-20T10:29:46.260Z", dateUpdated: "2025-01-14T10:29:54.329Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-7581
Vulnerability from cvelistv5
Published
2020-07-14 13:18
Modified
2024-08-04 09:33
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). A component within the affected application calls a helper binary with SYSTEM privileges during startup while the call path is not quoted. This could allow a local attacker with administrative privileges to execute code with SYSTEM level privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Opcenter Execution Discrete |
Version: All versions < V3.2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T09:33:19.617Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Opcenter Execution Discrete", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.2", }, ], }, { product: "Opcenter Execution Foundation", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.2", }, ], }, { product: "Opcenter Execution Process", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.2", }, ], }, { product: "Opcenter Intelligence", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.3", }, ], }, { product: "Opcenter Quality", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V11.3", }, ], }, { product: "Opcenter RD&L", vendor: "Siemens", versions: [ { status: "affected", version: "V8.0", }, ], }, { product: "SIMATIC Notifier Server for Windows", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { product: "SIMATIC PCS neo", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.0 SP1", }, ], }, { product: "SIMATIC STEP 7 (TIA Portal) V15", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V15.1 Update 5", }, ], }, { product: "SIMATIC STEP 7 (TIA Portal) V16", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V16 Update 2", }, ], }, { product: "SIMOCODE ES V15.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V15.1 Update 4", }, ], }, { product: "SIMOCODE ES V16", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V16 Update 1", }, ], }, { product: "Soft Starter ES V15.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V15.1 Update 3", }, ], }, { product: "Soft Starter ES V16", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V16 Update 1", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). A component within the affected application calls a helper binary with SYSTEM privileges during startup while the call path is not quoted. This could allow a local attacker with administrative privileges to execute code with SYSTEM level privileges.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-428", description: "CWE-428: Unquoted Search Path or Element", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-08-10T11:16:47", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "productcert@siemens.com", ID: "CVE-2020-7581", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Opcenter Execution Discrete", version: { version_data: [ { version_value: "All versions < V3.2", }, ], }, }, { product_name: "Opcenter Execution Foundation", version: { version_data: [ { version_value: "All versions < V3.2", }, ], }, }, { product_name: "Opcenter Execution Process", version: { version_data: [ { version_value: "All versions < V3.2", }, ], }, }, { product_name: "Opcenter Intelligence", version: { version_data: [ { version_value: "All versions < V3.3", }, ], }, }, { product_name: "Opcenter Quality", version: { version_data: [ { version_value: "All versions < V11.3", }, ], }, }, { product_name: "Opcenter RD&L", version: { version_data: [ { version_value: "V8.0", }, ], }, }, { product_name: "SIMATIC Notifier Server for Windows", version: { version_data: [ { version_value: "All versions", }, ], }, }, { product_name: "SIMATIC PCS neo", version: { version_data: [ { version_value: "All versions < V3.0 SP1", }, ], }, }, { product_name: "SIMATIC STEP 7 (TIA Portal) V15", version: { version_data: [ { version_value: "All versions < V15.1 Update 5", }, ], }, }, { product_name: "SIMATIC STEP 7 (TIA Portal) V16", version: { version_data: [ { version_value: "All versions < V16 Update 2", }, ], }, }, { product_name: "SIMOCODE ES V15.1", version: { version_data: [ { version_value: "All versions < V15.1 Update 4", }, ], }, }, { product_name: "SIMOCODE ES V16", version: { version_data: [ { version_value: "All versions < V16 Update 1", }, ], }, }, { product_name: "Soft Starter ES V15.1", version: { version_data: [ { version_value: "All versions < V15.1 Update 3", }, ], }, }, { product_name: "Soft Starter ES V16", version: { version_data: [ { version_value: "All versions < V16 Update 1", }, ], }, }, ], }, vendor_name: "Siemens", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). A component within the affected application calls a helper binary with SYSTEM privileges during startup while the call path is not quoted. This could allow a local attacker with administrative privileges to execute code with SYSTEM level privileges.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-428: Unquoted Search Path or Element", }, ], }, ], }, references: { reference_data: [ { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf", refsource: "MISC", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2020-7581", datePublished: "2020-07-14T13:18:05", dateReserved: "2020-01-21T00:00:00", dateUpdated: "2024-08-04T09:33:19.617Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-46281
Vulnerability from cvelistv5
Published
2023-12-12 11:27
Modified
2025-01-14 10:29
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). When accessing the UMC Web-UI from affected products, UMC uses an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted behavior.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Opcenter Execution Foundation |
Version: 0 < V2407 |
|||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T20:37:40.334Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-999588.html", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-46281", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-08T14:41:24.487753Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-08T14:41:45.644Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Opcenter Execution Foundation", vendor: "Siemens", versions: [ { lessThan: "V2407", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Opcenter Quality", vendor: "Siemens", versions: [ { lessThan: "V2312", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC PCS neo", vendor: "Siemens", versions: [ { lessThan: "V4.1", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SINEC NMS", vendor: "Siemens", versions: [ { lessThan: "V2.0 SP1", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Totally Integrated Automation Portal (TIA Portal) V14", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Totally Integrated Automation Portal (TIA Portal) V15.1", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Totally Integrated Automation Portal (TIA Portal) V16", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Totally Integrated Automation Portal (TIA Portal) V17", vendor: "Siemens", versions: [ { lessThan: "V17 Update 8", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Totally Integrated Automation Portal (TIA Portal) V18", vendor: "Siemens", versions: [ { lessThan: "V18 Update 3", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). When accessing the UMC Web-UI from affected products, UMC uses an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted behavior.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-942", description: "CWE-942: Permissive Cross-domain Policy with Untrusted Domains", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-14T10:29:50.318Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-999588.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-46281", datePublished: "2023-12-12T11:27:11.796Z", dateReserved: "2023-10-20T10:29:46.259Z", dateUpdated: "2025-01-14T10:29:50.318Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-33698
Vulnerability from cvelistv5
Published
2024-09-10 09:36
Modified
2025-03-11 09:47
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Opcenter Execution Foundation (All versions), Opcenter Quality (All versions), Opcenter RDL (All versions), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SINEC NMS (All versions), SINEMA Remote Connect Client (All versions < V3.2 SP3), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 5), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 3). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Opcenter Execution Foundation |
Version: 0 < * |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:simatic_pcs_neo:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "simatic_pcs_neo", vendor: "siemens", versions: [ { lessThan: "4.1_update_2", status: "affected", version: "4.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:siemens:totally_integrated_automation_portal:16:*:*:*:*:*:*:*", "cpe:2.3:a:siemens:totally_integrated_automation_portal:18:*:*:*:*:*:*:*", "cpe:2.3:a:siemens:totally_integrated_automation_portal:19:*:*:*:*:*:*:*", "cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*", "cpe:2.3:a:siemens:simatic_pcs_neo:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:siemens:simatic_information_server:2022:*:*:*:*:*:*:*", "cpe:2.3:a:siemens:simatic_information_server:2024:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "simatic_information_server", vendor: "siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:siemens:totally_integrated_automation_portal:17:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "totally_integrated_automation_portal", vendor: "siemens", versions: [ { lessThan: "17_update_8", status: "affected", version: "17", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-33698", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-10T17:32:07.999463Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-10T18:26:36.889Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Opcenter Execution Foundation", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Opcenter Quality", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Opcenter RDL", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC PCS neo V4.0", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC PCS neo V4.1", vendor: "Siemens", versions: [ { lessThan: "V4.1 Update 2", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC PCS neo V5.0", vendor: "Siemens", versions: [ { lessThan: "V5.0 Update 1", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SINEC NMS", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SINEMA Remote Connect Client", vendor: "Siemens", versions: [ { lessThan: "V3.2 SP3", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Totally Integrated Automation Portal (TIA Portal) V16", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Totally Integrated Automation Portal (TIA Portal) V17", vendor: "Siemens", versions: [ { lessThan: "V17 Update 8", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Totally Integrated Automation Portal (TIA Portal) V18", vendor: "Siemens", versions: [ { lessThan: "V18 Update 5", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Totally Integrated Automation Portal (TIA Portal) V19", vendor: "Siemens", versions: [ { lessThan: "V19 Update 3", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Opcenter Execution Foundation (All versions), Opcenter Quality (All versions), Opcenter RDL (All versions), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SINEC NMS (All versions), SINEMA Remote Connect Client (All versions < V3.2 SP3), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 5), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 3). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code.", }, ], metrics: [ { cvssV3_1: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, { cvssV4_0: { baseScore: 9.3, baseSeverity: "CRITICAL", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T09:47:51.007Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-039007.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-33698", datePublished: "2024-09-10T09:36:31.009Z", dateReserved: "2024-04-26T12:32:09.263Z", dateUpdated: "2025-03-11T09:47:51.007Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-46283
Vulnerability from cvelistv5
Published
2023-12-12 11:27
Modified
2025-01-14 10:29
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Opcenter Execution Foundation |
Version: 0 < V2407 |
|||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T20:45:40.675Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-999588.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Opcenter Execution Foundation", vendor: "Siemens", versions: [ { lessThan: "V2407", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Opcenter Quality", vendor: "Siemens", versions: [ { lessThan: "V2312", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC PCS neo", vendor: "Siemens", versions: [ { lessThan: "V4.1", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SINEC NMS", vendor: "Siemens", versions: [ { lessThan: "V2.0 SP1", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Totally Integrated Automation Portal (TIA Portal) V14", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Totally Integrated Automation Portal (TIA Portal) V15.1", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Totally Integrated Automation Portal (TIA Portal) V16", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Totally Integrated Automation Portal (TIA Portal) V17", vendor: "Siemens", versions: [ { lessThan: "V17 Update 8", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Totally Integrated Automation Portal (TIA Portal) V18", vendor: "Siemens", versions: [ { lessThan: "V18 Update 3", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-120", description: "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-14T10:29:52.922Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-999588.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-46283", datePublished: "2023-12-12T11:27:14.437Z", dateReserved: "2023-10-20T10:29:46.260Z", dateUpdated: "2025-01-14T10:29:52.922Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
var-202007-1237
Vulnerability from variot
A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions < V2.6), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). Sending a specially crafted packet to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself. Multiple Siemens products contain input validation vulnerabilities.Denial of service (DoS) It may be put in a state. An input validation error vulnerability exists in . The vulnerability stems from the failure of the network system or product to properly validate the input data. The following products and versions are affected:
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202007-1237", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "simatic step 7", scope: "gte", trust: 1, vendor: "siemens", version: "15", }, { model: "simocode es", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "soft starter es", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "opcenter intelligence", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic notifier server", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic it production suite", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic pcs neo", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "opcenter execution discrete", scope: "lt", trust: 1, vendor: "siemens", version: "3.2", }, { model: "simatic step 7", scope: "lte", trust: 1, vendor: "siemens", version: "15.1", }, { model: "opcenter quality", scope: "lt", trust: 1, vendor: "siemens", version: "11.3", }, { model: "simatic it lms", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic step 7", scope: "eq", trust: 1, vendor: "siemens", version: "16", }, { model: "opcenter rd\\&l", scope: "eq", trust: 1, vendor: "siemens", version: "8.0", }, { model: "opcenter execution foundation", scope: "lt", trust: 1, vendor: "siemens", version: "3.2", }, { model: "opcenter execution process", scope: "lt", trust: 1, vendor: "siemens", version: "3.2", }, { model: "opcenter execution discrete", scope: "lt", trust: 0.8, vendor: "シーメンス", version: "3.2", }, { model: "opcenter execution foundation", scope: "lt", trust: 0.8, vendor: "シーメンス", version: "3.2", }, { model: "opcenter execution process", scope: "lt", trust: 0.8, vendor: "シーメンス", version: "3.2", }, { model: "opcenter intelligence", scope: "eq", trust: 0.8, vendor: "シーメンス", version: null, }, { model: "opcenter quality", scope: "lt", trust: 0.8, vendor: "シーメンス", version: "11.3", }, { model: "opcenter rd&26l", scope: "eq", trust: 0.8, vendor: "シーメンス", version: "8.0", }, { model: "simatic it lms", scope: "eq", trust: 0.8, vendor: "シーメンス", version: null, }, { model: "simatic it production suite", scope: "eq", trust: 0.8, vendor: "シーメンス", version: null, }, { model: "simatic notifier server", scope: "eq", trust: 0.8, vendor: "シーメンス", version: null, }, { model: "simatic pcs neo", scope: "lt", trust: 0.8, vendor: "シーメンス", version: "3.0 sp1", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-008065", }, { db: "NVD", id: "CVE-2020-7588", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:siemens:simatic_pcs_neo:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:opcenter_execution_discrete:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "3.2", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:opcenter_execution_foundation:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "3.2", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:opcenter_execution_process:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "3.2", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:opcenter_intelligence:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:opcenter_quality:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "11.3", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:opcenter_rd\\&l:8.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:simatic_step_7:16:-:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:soft_starter_es:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:simocode_es:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:simatic_notifier_server:*:*:*:*:*:windows:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:simatic_it_lms:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:simatic_it_production_suite:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:simatic_step_7:16:update_1:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:simatic_step_7:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "15.1", versionStartIncluding: "15", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2020-7588", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Victor Fidalgo of INCIBE and Reid Wightman of Dragos reported these vulnerabilities to Siemens.", sources: [ { db: "CNNVD", id: "CNNVD-202007-580", }, ], trust: 0.6, }, cve: "CVE-2020-7588", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", exploitabilityScore: 10, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 5, confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2020-7588", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.9, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", exploitabilityScore: 10, id: "VHN-185713", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.1, vectorString: "AV:N/AC:L/AU:N/C:N/I:N/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 3.9, impactScore: 1.4, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "Low", baseScore: 5.3, baseSeverity: "Medium", confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2020-7588", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2020-7588", trust: 1.8, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202007-580", trust: 0.6, value: "MEDIUM", }, { author: "VULHUB", id: "VHN-185713", trust: 0.1, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2020-7588", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULHUB", id: "VHN-185713", }, { db: "VULMON", id: "CVE-2020-7588", }, { db: "JVNDB", id: "JVNDB-2020-008065", }, { db: "NVD", id: "CVE-2020-7588", }, { db: "CNNVD", id: "CNNVD-202007-580", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions < V2.6), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). Sending a specially crafted packet to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself. Multiple Siemens products contain input validation vulnerabilities.Denial of service (DoS) It may be put in a state. An input validation error vulnerability exists in . The vulnerability stems from the failure of the network system or product to properly validate the input data. The following products and versions are affected:", sources: [ { db: "NVD", id: "CVE-2020-7588", }, { db: "JVNDB", id: "JVNDB-2020-008065", }, { db: "VULHUB", id: "VHN-185713", }, { db: "VULMON", id: "CVE-2020-7588", }, ], trust: 1.8, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2020-7588", trust: 2.6, }, { db: "SIEMENS", id: "SSA-841348", trust: 1.8, }, { db: "JVN", id: "JVNVU97872642", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2020-008065", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202007-580", trust: 0.7, }, { db: "ICS CERT", id: "ICSA-20-196-05", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2020.2393.2", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2020.2393", trust: 0.6, }, { db: "CNVD", id: "CNVD-2021-54361", trust: 0.1, }, { db: "VULHUB", id: "VHN-185713", trust: 0.1, }, { db: "VULMON", id: "CVE-2020-7588", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-185713", }, { db: "VULMON", id: "CVE-2020-7588", }, { db: "JVNDB", id: "JVNDB-2020-008065", }, { db: "NVD", id: "CVE-2020-7588", }, { db: "CNNVD", id: "CNNVD-202007-580", }, ], }, id: "VAR-202007-1237", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-185713", }, ], trust: 0.60384615, }, last_update_date: "2023-12-18T11:58:10.862000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "SSA-841348", trust: 0.8, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf", }, { title: "Siemens Security Advisories: Siemens Security Advisory", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=2c5193074a957cb3ecdc0e93e2ad86b5", }, { title: "", trust: 0.1, url: "https://github.com/live-hack-cve/cve-2020-7588 ", }, ], sources: [ { db: "VULMON", id: "CVE-2020-7588", }, { db: "JVNDB", id: "JVNDB-2020-008065", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-20", trust: 1.1, }, { problemtype: "Incorrect input confirmation (CWE-20) [NVD Evaluation ]", trust: 0.8, }, ], sources: [ { db: "VULHUB", id: "VHN-185713", }, { db: "JVNDB", id: "JVNDB-2020-008065", }, { db: "NVD", id: "CVE-2020-7588", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.8, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2020-7588", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu97872642/", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2020.2393.2/", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2020.2393/", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/simatic-multiple-vulnerabilities-via-umc-stack-32813", }, { trust: 0.6, url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-05", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/20.html", }, { trust: 0.1, url: "https://github.com/live-hack-cve/cve-2020-7588", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://cert-portal.siemens.com/productcert/txt/ssa-841348.txt", }, ], sources: [ { db: "VULHUB", id: "VHN-185713", }, { db: "VULMON", id: "CVE-2020-7588", }, { db: "JVNDB", id: "JVNDB-2020-008065", }, { db: "NVD", id: "CVE-2020-7588", }, { db: "CNNVD", id: "CNNVD-202007-580", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-185713", }, { db: "VULMON", id: "CVE-2020-7588", }, { db: "JVNDB", id: "JVNDB-2020-008065", }, { db: "NVD", id: "CVE-2020-7588", }, { db: "CNNVD", id: "CNNVD-202007-580", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-07-14T00:00:00", db: "VULHUB", id: "VHN-185713", }, { date: "2020-07-14T00:00:00", db: "VULMON", id: "CVE-2020-7588", }, { date: "2020-09-03T00:00:00", db: "JVNDB", id: "JVNDB-2020-008065", }, { date: "2020-07-14T14:15:18.993000", db: "NVD", id: "CVE-2020-7588", }, { date: "2020-07-14T00:00:00", db: "CNNVD", id: "CNNVD-202007-580", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-01-30T00:00:00", db: "VULHUB", id: "VHN-185713", }, { date: "2023-01-30T00:00:00", db: "VULMON", id: "CVE-2020-7588", }, { date: "2020-09-03T00:00:00", db: "JVNDB", id: "JVNDB-2020-008065", }, { date: "2023-01-30T19:52:34.590000", db: "NVD", id: "CVE-2020-7588", }, { date: "2022-08-11T00:00:00", db: "CNNVD", id: "CNNVD-202007-580", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202007-580", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Input validation vulnerabilities in multiple Siemens products", sources: [ { db: "JVNDB", id: "JVNDB-2020-008065", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "input validation error", sources: [ { db: "CNNVD", id: "CNNVD-202007-580", }, ], trust: 0.6, }, }
var-202007-1236
Vulnerability from variot
A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions < V2.6), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). Sending multiple specially crafted packets to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself. On some cases the vulnerability could leak random information from the remote service. Several Siemens products contain resource exhaustion vulnerabilities.Information is obtained and denial of service (DoS) It may be put in a state. A resource management error vulnerability exists in . This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products. The following products and versions are affected:
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202007-1236", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "soft starter es", scope: "lt", trust: 1, vendor: "siemens", version: "15.1", }, { model: "simocode es", scope: "eq", trust: 1, vendor: "siemens", version: "16", }, { model: "simatic notifier server", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "opcenter execution discrete", scope: "lt", trust: 1, vendor: "siemens", version: "3.2", }, { model: "opcenter quality", scope: "lt", trust: 1, vendor: "siemens", version: "11.3", }, { model: "simatic pcs neo", scope: "eq", trust: 1, vendor: "siemens", version: "3.0", }, { model: "simatic step 7", scope: "eq", trust: 1, vendor: "siemens", version: "15.1", }, { model: "simatic pcs neo", scope: "lt", trust: 1, vendor: "siemens", version: "3.0", }, { model: "simatic it lms", scope: "lt", trust: 1, vendor: "siemens", version: "2.6", }, { model: "opcenter intelligence", scope: "lt", trust: 1, vendor: "siemens", version: "3.3", }, { model: "simatic step 7", scope: "gte", trust: 1, vendor: "siemens", version: "15", }, { model: "simatic step 7", scope: "eq", trust: 1, vendor: "siemens", version: "16", }, { model: "simocode es", scope: "eq", trust: 1, vendor: "siemens", version: "15.1", }, { model: "simatic it production suite", scope: "lt", trust: 1, vendor: "siemens", version: "8.0", }, { model: "soft starter es", scope: "eq", trust: 1, vendor: "siemens", version: "15.1", }, { model: "simocode es", scope: "lt", trust: 1, vendor: "siemens", version: "15.1", }, { model: "opcenter rd\\&l", scope: "eq", trust: 1, vendor: "siemens", version: "8.0", }, { model: "opcenter execution foundation", scope: "lt", trust: 1, vendor: "siemens", version: "3.2", }, { model: "opcenter execution process", scope: "lt", trust: 1, vendor: "siemens", version: "3.2", }, { model: "simatic step 7", scope: "lt", trust: 1, vendor: "siemens", version: "15.1", }, { model: "opcenter execution discrete", scope: "lt", trust: 0.8, vendor: "シーメンス", version: "3.2", }, { model: "opcenter execution foundation", scope: "lt", trust: 0.8, vendor: "シーメンス", version: "3.2", }, { model: "opcenter execution process", scope: "lt", trust: 0.8, vendor: "シーメンス", version: "3.2", }, { model: "opcenter intelligence", scope: "eq", trust: 0.8, vendor: "シーメンス", version: null, }, { model: "opcenter quality", scope: "lt", trust: 0.8, vendor: "シーメンス", version: "11.3", }, { model: "opcenter rd&26l", scope: "eq", trust: 0.8, vendor: "シーメンス", version: "8.0", }, { model: "simatic it lms", scope: "eq", trust: 0.8, vendor: "シーメンス", version: null, }, { model: "simatic it production suite", scope: "eq", trust: 0.8, vendor: "シーメンス", version: null, }, { model: "simatic notifier server", scope: "eq", trust: 0.8, vendor: "シーメンス", version: null, }, { model: "simatic pcs neo", scope: "lt", trust: 0.8, vendor: "シーメンス", version: "3.0 sp1", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-008064", }, { db: "NVD", id: "CVE-2020-7587", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:siemens:opcenter_execution_discrete:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "3.2", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:opcenter_execution_foundation:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "3.2", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:opcenter_execution_process:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "3.2", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:opcenter_quality:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "11.3", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:opcenter_rd\\&l:8.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:simatic_step_7:16:update1:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:simatic_step_7:16:-:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:simatic_notifier_server:*:*:*:*:*:windows:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:soft_starter_es:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "15.1", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:simocode_es:16:-:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:simatic_step_7:15.1:-:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:simocode_es:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "15.1", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:simatic_pcs_neo:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "3.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:simatic_it_production_suite:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "8.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:simatic_it_lms:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:simatic_pcs_neo:3.0:-:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:simatic_step_7:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "15.1", versionStartIncluding: "15", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:simocode_es:15.1:-:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:soft_starter_es:15.1:-:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:opcenter_intelligence:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "3.3", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2020-7587", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Victor Fidalgo of INCIBE and Reid Wightman of Dragos reported these vulnerabilities to Siemens.", sources: [ { db: "CNNVD", id: "CNNVD-202007-573", }, ], trust: 0.6, }, cve: "CVE-2020-7587", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 6.4, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, impactScore: 4.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 6.4, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2020-7587", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.9, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "PARTIAL", baseScore: 6.4, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "VHN-185712", impactScore: 4.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.1, vectorString: "AV:N/AC:L/AU:N/C:P/I:N/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "LOW", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 4.2, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "Low", baseScore: 8.2, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2020-7587", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2020-7587", trust: 1.8, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202007-573", trust: 0.6, value: "HIGH", }, { author: "VULHUB", id: "VHN-185712", trust: 0.1, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2020-7587", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULHUB", id: "VHN-185712", }, { db: "VULMON", id: "CVE-2020-7587", }, { db: "JVNDB", id: "JVNDB-2020-008064", }, { db: "NVD", id: "CVE-2020-7587", }, { db: "CNNVD", id: "CNNVD-202007-573", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions < V2.6), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). Sending multiple specially crafted packets to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself. On some cases the vulnerability could leak random information from the remote service. Several Siemens products contain resource exhaustion vulnerabilities.Information is obtained and denial of service (DoS) It may be put in a state. A resource management error vulnerability exists in . This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products. The following products and versions are affected:", sources: [ { db: "NVD", id: "CVE-2020-7587", }, { db: "JVNDB", id: "JVNDB-2020-008064", }, { db: "VULHUB", id: "VHN-185712", }, { db: "VULMON", id: "CVE-2020-7587", }, ], trust: 1.8, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2020-7587", trust: 2.6, }, { db: "SIEMENS", id: "SSA-841348", trust: 1.8, }, { db: "JVN", id: "JVNVU97872642", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2020-008064", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202007-573", trust: 0.7, }, { db: "ICS CERT", id: "ICSA-20-196-05", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2020.2393.2", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2020.2393", trust: 0.6, }, { db: "CNVD", id: "CNVD-2021-54362", trust: 0.1, }, { db: "VULHUB", id: "VHN-185712", trust: 0.1, }, { db: "VULMON", id: "CVE-2020-7587", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-185712", }, { db: "VULMON", id: "CVE-2020-7587", }, { db: "JVNDB", id: "JVNDB-2020-008064", }, { db: "NVD", id: "CVE-2020-7587", }, { db: "CNNVD", id: "CNNVD-202007-573", }, ], }, id: "VAR-202007-1236", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-185712", }, ], trust: 0.60384615, }, last_update_date: "2023-12-18T11:58:10.780000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "SSA-841348", trust: 0.8, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf", }, { title: "Siemens Security Advisories: Siemens Security Advisory", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=2c5193074a957cb3ecdc0e93e2ad86b5", }, { title: "", trust: 0.1, url: "https://github.com/live-hack-cve/cve-2020-7587 ", }, ], sources: [ { db: "VULMON", id: "CVE-2020-7587", }, { db: "JVNDB", id: "JVNDB-2020-008064", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-400", trust: 1.1, }, { problemtype: "Resource exhaustion (CWE-400) [NVD Evaluation ]", trust: 0.8, }, ], sources: [ { db: "VULHUB", id: "VHN-185712", }, { db: "JVNDB", id: "JVNDB-2020-008064", }, { db: "NVD", id: "CVE-2020-7587", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.8, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2020-7587", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu97872642/", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2020.2393.2/", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2020.2393/", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/simatic-multiple-vulnerabilities-via-umc-stack-32813", }, { trust: 0.6, url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-05", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/400.html", }, { trust: 0.1, url: "https://github.com/live-hack-cve/cve-2020-7587", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://cert-portal.siemens.com/productcert/txt/ssa-841348.txt", }, ], sources: [ { db: "VULHUB", id: "VHN-185712", }, { db: "VULMON", id: "CVE-2020-7587", }, { db: "JVNDB", id: "JVNDB-2020-008064", }, { db: "NVD", id: "CVE-2020-7587", }, { db: "CNNVD", id: "CNNVD-202007-573", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-185712", }, { db: "VULMON", id: "CVE-2020-7587", }, { db: "JVNDB", id: "JVNDB-2020-008064", }, { db: "NVD", id: "CVE-2020-7587", }, { db: "CNNVD", id: "CNNVD-202007-573", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-07-14T00:00:00", db: "VULHUB", id: "VHN-185712", }, { date: "2020-07-14T00:00:00", db: "VULMON", id: "CVE-2020-7587", }, { date: "2020-09-03T00:00:00", db: "JVNDB", id: "JVNDB-2020-008064", }, { date: "2020-07-14T14:15:18.930000", db: "NVD", id: "CVE-2020-7587", }, { date: "2020-07-14T00:00:00", db: "CNNVD", id: "CNNVD-202007-573", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-01-30T00:00:00", db: "VULHUB", id: "VHN-185712", }, { date: "2023-01-30T00:00:00", db: "VULMON", id: "CVE-2020-7587", }, { date: "2020-09-03T00:00:00", db: "JVNDB", id: "JVNDB-2020-008064", }, { date: "2023-01-30T19:53:59.707000", db: "NVD", id: "CVE-2020-7587", }, { date: "2022-08-11T00:00:00", db: "CNNVD", id: "CNNVD-202007-573", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202007-573", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Resource exhaustion vulnerabilities in multiple Siemens products", sources: [ { db: "JVNDB", id: "JVNDB-2020-008064", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "resource management error", sources: [ { db: "CNNVD", id: "CNNVD-202007-573", }, ], trust: 0.6, }, }
var-202007-1249
Vulnerability from variot
A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). A component within the affected application calls a helper binary with SYSTEM privileges during startup while the call path is not quoted. This could allow a local attacker with administrative privileges to execute code with SYSTEM level privileges. Multiple Siemens products contain vulnerabilities in unquoted search paths or elements.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. A code issue vulnerability exists in Siemens. This vulnerability stems from improper design or implementation problems in the code development process of network systems or products
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202007-1249", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "simatic step 7", scope: "lt", trust: 1, vendor: "siemens", version: "16", }, { model: "simocode es", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "soft starter es", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic notifier server", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "opcenter intelligence", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic pcs neo", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "opcenter execution discrete", scope: "lt", trust: 1, vendor: "siemens", version: "3.2", }, { model: "opcenter quality", scope: "lt", trust: 1, vendor: "siemens", version: "11.3", }, { model: "simatic step 7", scope: "eq", trust: 1, vendor: "siemens", version: "16", }, { model: "opcenter rd\\&l", scope: "eq", trust: 1, vendor: "siemens", version: "8.0", }, { model: "opcenter execution foundation", scope: "lt", trust: 1, vendor: "siemens", version: "3.2", }, { model: "opcenter execution process", scope: "lt", trust: 1, vendor: "siemens", version: "3.2", }, { model: "opcenter execution discrete", scope: "eq", trust: 0.8, vendor: "siemens", version: "3.2", }, { model: "opcenter execution foundation", scope: "eq", trust: 0.8, vendor: "siemens", version: "3.2", }, { model: "opcenter execution process", scope: "eq", trust: 0.8, vendor: "siemens", version: "3.2", }, { model: "opcenter intelligence", scope: null, trust: 0.8, vendor: "siemens", version: null, }, { model: "opcenter quality", scope: "eq", trust: 0.8, vendor: "siemens", version: "11.3", }, { model: "opcenter rd&26l", scope: "eq", trust: 0.8, vendor: "siemens", version: "8.0", }, { model: "simatic notifier server", scope: null, trust: 0.8, vendor: "siemens", version: null, }, { model: "simatic pcs neo", scope: "eq", trust: 0.8, vendor: "siemens", version: "3.0 sp1", }, { model: "simatic step 7", scope: "eq", trust: 0.8, vendor: "siemens", version: "15.1 update 5", }, { model: "simatic step 7", scope: "eq", trust: 0.8, vendor: "siemens", version: "16 update 2", }, { model: "simocode es", scope: null, trust: 0.8, vendor: "siemens", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-008611", }, { db: "NVD", id: "CVE-2020-7581", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:siemens:simatic_pcs_neo:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:opcenter_execution_discrete:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "3.2", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:opcenter_execution_foundation:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "3.2", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:opcenter_execution_process:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "3.2", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:opcenter_intelligence:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:opcenter_quality:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "11.3", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:opcenter_rd\\&l:8.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:simatic_step_7:16:update1:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:simatic_step_7:16:-:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:simatic_step_7:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "16", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:soft_starter_es:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:simocode_es:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:simatic_notifier_server:*:*:*:*:*:windows:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2020-7581", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Victor Fidalgo of INCIBE and Reid Wightman of Dragos reported these vulnerabilities to Siemens.", sources: [ { db: "CNNVD", id: "CNNVD-202007-574", }, ], trust: 0.6, }, cve: "CVE-2020-7581", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "NVD", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", exploitabilityScore: 3.9, impactScore: 10, integrityImpact: "COMPLETE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Local", authentication: "None", author: "NVD", availabilityImpact: "Complete", baseScore: 7.2, confidentialityImpact: "Complete", exploitabilityScore: null, id: "JVNDB-2020-008611", impactScore: null, integrityImpact: "Complete", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.8, userInteractionRequired: null, vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "VULHUB", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", exploitabilityScore: 3.9, id: "VHN-185706", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.1, vectorString: "AV:L/AC:L/AU:N/C:C/I:C/A:C", version: "2.0", }, { acInsufInfo: null, accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "VULMON", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", exploitabilityScore: 3.9, id: "CVE-2020-7581", impactScore: 10, integrityImpact: "COMPLETE", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "HIGH", trust: 0.1, userInteractionRequired: null, vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "NVD", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Local", author: "NVD", availabilityImpact: "High", baseScore: 6.7, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2020-008611", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2020-7581", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2020-008611", trust: 0.8, value: "Medium", }, { author: "CNNVD", id: "CNNVD-202007-574", trust: 0.6, value: "MEDIUM", }, { author: "VULHUB", id: "VHN-185706", trust: 0.1, value: "HIGH", }, { author: "VULMON", id: "CVE-2020-7581", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "VULHUB", id: "VHN-185706", }, { db: "VULMON", id: "CVE-2020-7581", }, { db: "JVNDB", id: "JVNDB-2020-008611", }, { db: "NVD", id: "CVE-2020-7581", }, { db: "CNNVD", id: "CNNVD-202007-574", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). A component within the affected application calls a helper binary with SYSTEM privileges during startup while the call path is not quoted. This could allow a local attacker with administrative privileges to execute code with SYSTEM level privileges. Multiple Siemens products contain vulnerabilities in unquoted search paths or elements.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. A code issue vulnerability exists in Siemens. This vulnerability stems from improper design or implementation problems in the code development process of network systems or products", sources: [ { db: "NVD", id: "CVE-2020-7581", }, { db: "JVNDB", id: "JVNDB-2020-008611", }, { db: "VULHUB", id: "VHN-185706", }, { db: "VULMON", id: "CVE-2020-7581", }, ], trust: 1.8, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2020-7581", trust: 2.6, }, { db: "SIEMENS", id: "SSA-841348", trust: 1.8, }, { db: "ICS CERT", id: "ICSA-20-196-05", trust: 1.4, }, { db: "JVN", id: "JVNVU97872642", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2020-008611", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202007-574", trust: 0.7, }, { db: "AUSCERT", id: "ESB-2020.2393.2", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2020.2393", trust: 0.6, }, { db: "VULHUB", id: "VHN-185706", trust: 0.1, }, { db: "VULMON", id: "CVE-2020-7581", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-185706", }, { db: "VULMON", id: "CVE-2020-7581", }, { db: "JVNDB", id: "JVNDB-2020-008611", }, { db: "NVD", id: "CVE-2020-7581", }, { db: "CNNVD", id: "CNNVD-202007-574", }, ], }, id: "VAR-202007-1249", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-185706", }, ], trust: 0.7076922999999999, }, last_update_date: "2023-12-18T11:58:11.084000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "SSA-841348", trust: 0.8, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf", }, { title: "Siemens Security Advisories: Siemens Security Advisory", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=2c5193074a957cb3ecdc0e93e2ad86b5", }, { title: "", trust: 0.1, url: "https://github.com/live-hack-cve/cve-2020-7581 ", }, ], sources: [ { db: "VULMON", id: "CVE-2020-7581", }, { db: "JVNDB", id: "JVNDB-2020-008611", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-428", trust: 1.9, }, ], sources: [ { db: "VULHUB", id: "VHN-185706", }, { db: "JVNDB", id: "JVNDB-2020-008611", }, { db: "NVD", id: "CVE-2020-7581", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.8, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf", }, { trust: 1.4, url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-05", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2020-7581", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7581", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu97872642/", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2020.2393.2/", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2020.2393/", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/simatic-multiple-vulnerabilities-via-umc-stack-32813", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/428.html", }, { trust: 0.1, url: "https://github.com/live-hack-cve/cve-2020-7581", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://cert-portal.siemens.com/productcert/txt/ssa-841348.txt", }, ], sources: [ { db: "VULHUB", id: "VHN-185706", }, { db: "VULMON", id: "CVE-2020-7581", }, { db: "JVNDB", id: "JVNDB-2020-008611", }, { db: "NVD", id: "CVE-2020-7581", }, { db: "CNNVD", id: "CNNVD-202007-574", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-185706", }, { db: "VULMON", id: "CVE-2020-7581", }, { db: "JVNDB", id: "JVNDB-2020-008611", }, { db: "NVD", id: "CVE-2020-7581", }, { db: "CNNVD", id: "CNNVD-202007-574", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-07-14T00:00:00", db: "VULHUB", id: "VHN-185706", }, { date: "2020-07-14T00:00:00", db: "VULMON", id: "CVE-2020-7581", }, { date: "2020-09-17T00:00:00", db: "JVNDB", id: "JVNDB-2020-008611", }, { date: "2020-07-14T14:15:18.587000", db: "NVD", id: "CVE-2020-7581", }, { date: "2020-07-14T00:00:00", db: "CNNVD", id: "CNNVD-202007-574", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-01-30T00:00:00", db: "VULHUB", id: "VHN-185706", }, { date: "2023-01-30T00:00:00", db: "VULMON", id: "CVE-2020-7581", }, { date: "2020-09-28T00:00:00", db: "JVNDB", id: "JVNDB-2020-008611", }, { date: "2023-01-30T19:54:07.110000", db: "NVD", id: "CVE-2020-7581", }, { date: "2022-08-11T00:00:00", db: "CNNVD", id: "CNNVD-202007-574", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "CNNVD", id: "CNNVD-202007-574", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Vulnerabilities in unquoted search paths or elements in multiple Siemens products", sources: [ { db: "JVNDB", id: "JVNDB-2020-008611", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "code problem", sources: [ { db: "CNNVD", id: "CNNVD-202007-574", }, ], trust: 0.6, }, }