All the vulnerabilites related to Siemens - SIMATIC IT LMS
var-202007-1236
Vulnerability from variot

A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions < V2.6), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). Sending multiple specially crafted packets to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself. On some cases the vulnerability could leak random information from the remote service. Several Siemens products contain resource exhaustion vulnerabilities.Information is obtained and denial of service (DoS) It may be put in a state. A resource management error vulnerability exists in . This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products. The following products and versions are affected:

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202007-1236",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "soft starter es",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "15.1"
      },
      {
        "model": "simocode es",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "16"
      },
      {
        "model": "simatic notifier server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "opcenter execution discrete",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.2"
      },
      {
        "model": "opcenter quality",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "11.3"
      },
      {
        "model": "simatic pcs neo",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "model": "simatic step 7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "15.1"
      },
      {
        "model": "simatic pcs neo",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "model": "simatic it lms",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.6"
      },
      {
        "model": "opcenter intelligence",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.3"
      },
      {
        "model": "simatic step 7",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "15"
      },
      {
        "model": "simatic step 7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "16"
      },
      {
        "model": "simocode es",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "15.1"
      },
      {
        "model": "simatic it production suite",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "8.0"
      },
      {
        "model": "soft starter es",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "15.1"
      },
      {
        "model": "simocode es",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "15.1"
      },
      {
        "model": "opcenter rd\\\u0026l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "8.0"
      },
      {
        "model": "opcenter execution foundation",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.2"
      },
      {
        "model": "opcenter execution process",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.2"
      },
      {
        "model": "simatic step 7",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "15.1"
      },
      {
        "model": "opcenter execution discrete",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": "3.2"
      },
      {
        "model": "opcenter execution foundation",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": "3.2"
      },
      {
        "model": "opcenter execution process",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": "3.2"
      },
      {
        "model": "opcenter intelligence",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "opcenter quality",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": "11.3"
      },
      {
        "model": "opcenter rd\u002626l",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": "8.0"
      },
      {
        "model": "simatic it lms",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "simatic it production suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "simatic notifier server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "simatic pcs neo",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": "3.0 sp1"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008064"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7587"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:siemens:opcenter_execution_discrete:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:opcenter_execution_foundation:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:opcenter_execution_process:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:opcenter_quality:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:opcenter_rd\\\u0026l:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_step_7:16:update1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_step_7:16:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_notifier_server:*:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:soft_starter_es:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "15.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simocode_es:16:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_step_7:15.1:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simocode_es:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "15.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs_neo:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_it_production_suite:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_it_lms:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.6",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs_neo:3.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_step_7:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "15.1",
                "versionStartIncluding": "15",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simocode_es:15.1:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:soft_starter_es:15.1:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:opcenter_intelligence:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-7587"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Victor Fidalgo of INCIBE and Reid Wightman of Dragos reported these vulnerabilities to Siemens.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-573"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2020-7587",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 4.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.4,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2020-7587",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-185712",
            "impactScore": 4.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "LOW",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 4.2,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "Low",
            "baseScore": 8.2,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2020-7587",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-7587",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202007-573",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-185712",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-7587",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-185712"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-7587"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008064"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7587"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-573"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in Opcenter Execution Discrete (All versions \u003c V3.2), Opcenter Execution Foundation (All versions \u003c V3.2), Opcenter Execution Process (All versions \u003c V3.2), Opcenter Intelligence (All versions \u003c V3.3), Opcenter Quality (All versions \u003c V11.3), Opcenter RD\u0026L (V8.0), SIMATIC IT LMS (All versions \u003c V2.6), SIMATIC IT Production Suite (All versions \u003c V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions \u003c V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions \u003c V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions \u003c V16 Update 2), SIMOCODE ES V15.1 (All versions \u003c V15.1 Update 4), SIMOCODE ES V16 (All versions \u003c V16 Update 1), Soft Starter ES V15.1 (All versions \u003c V15.1 Update 3), Soft Starter ES V16 (All versions \u003c V16 Update 1). Sending multiple specially crafted packets to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself. On some cases the vulnerability could leak random information from the remote service. Several Siemens products contain resource exhaustion vulnerabilities.Information is obtained and denial of service (DoS) It may be put in a state. A resource management error vulnerability exists in . This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products. The following products and versions are affected:",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-7587"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008064"
      },
      {
        "db": "VULHUB",
        "id": "VHN-185712"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-7587"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-7587",
        "trust": 2.6
      },
      {
        "db": "SIEMENS",
        "id": "SSA-841348",
        "trust": 1.8
      },
      {
        "db": "JVN",
        "id": "JVNVU97872642",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008064",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-573",
        "trust": 0.7
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-196-05",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2393.2",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2393",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-54362",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-185712",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-7587",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-185712"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-7587"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008064"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7587"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-573"
      }
    ]
  },
  "id": "VAR-202007-1236",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-185712"
      }
    ],
    "trust": 0.60384615
  },
  "last_update_date": "2023-12-18T11:58:10.780000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-841348",
        "trust": 0.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf"
      },
      {
        "title": "Siemens Security Advisories: Siemens Security Advisory",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=2c5193074a957cb3ecdc0e93e2ad86b5"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2020-7587 "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-7587"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008064"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-400",
        "trust": 1.1
      },
      {
        "problemtype": "Resource exhaustion (CWE-400) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-185712"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008064"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7587"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7587"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu97872642/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2393.2/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2393/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/simatic-multiple-vulnerabilities-via-umc-stack-32813"
      },
      {
        "trust": 0.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-05"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/400.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2020-7587"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://cert-portal.siemens.com/productcert/txt/ssa-841348.txt"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-185712"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-7587"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008064"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7587"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-573"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-185712"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-7587"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008064"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7587"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-573"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-07-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-185712"
      },
      {
        "date": "2020-07-14T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-7587"
      },
      {
        "date": "2020-09-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-008064"
      },
      {
        "date": "2020-07-14T14:15:18.930000",
        "db": "NVD",
        "id": "CVE-2020-7587"
      },
      {
        "date": "2020-07-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202007-573"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-01-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-185712"
      },
      {
        "date": "2023-01-30T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-7587"
      },
      {
        "date": "2020-09-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-008064"
      },
      {
        "date": "2023-01-30T19:53:59.707000",
        "db": "NVD",
        "id": "CVE-2020-7587"
      },
      {
        "date": "2022-08-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202007-573"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-573"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Resource exhaustion vulnerabilities in multiple Siemens products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008064"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-573"
      }
    ],
    "trust": 0.6
  }
}

var-201812-0341
Vulnerability from variot

A vulnerability has been identified in SIMATIC IT LMS (All versions), SIMATIC IT Production Suite (Versions V7.1 < V7.1 Upd3), SIMATIC IT UA Discrete Manufacturing (Versions < V1.2), SIMATIC IT UA Discrete Manufacturing (Versions V1.2), SIMATIC IT UA Discrete Manufacturing (Versions V1.3), SIMATIC IT UA Discrete Manufacturing (Versions V2.3), SIMATIC IT UA Discrete Manufacturing (Versions V2.4). An attacker with network access to the installation could bypass the application-level authentication. In order to exploit the vulnerability, an attacker must obtain network access to an affected installation and must obtain a valid username to the system. Successful exploitation requires no user privileges and no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this vulnerability was known. SIMATIC IT LMS , SIMATIC IT Production Suite , SIMATIC IT UA Discrete Manufacturing Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Siemens SIMATIC IT LMS is a line monitoring system for overall equipment performance (OEE). The SIMATIC IT Production Suite is a factory production management suite. This may aid in further attacks. # ICS Advisory (ICSA-18-317-07) ## Siemens SIMATIC IT Production Suite Original release date: November 13, 2018 Print Document Tweet Like Me Share ### Legal Notice All information products included in https://us-cert.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information..

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201812-0341",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "simatic it ua discrete manufacturing",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "siemens",
        "version": "2.3"
      },
      {
        "model": "simatic it ua discrete manufacturing",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "v2.4"
      },
      {
        "model": "simatic it ua discrete manufacturing",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "v1.2"
      },
      {
        "model": "simatic it ua discrete manufacturing",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "v1.3"
      },
      {
        "model": "simatic it production suite",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "v7.1"
      },
      {
        "model": "simatic it line monitoring system",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic it ua discrete manufacturing",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "v2.3"
      },
      {
        "model": "simatic it ua discrete manufacturing",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "2.4"
      },
      {
        "model": "simatic it lms",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic it ua discrete manufacturing",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "1.3"
      },
      {
        "model": "simatic it production suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "7.1 upd3"
      },
      {
        "model": "simatic it ua discrete manufacturing",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "1.2 and earlier"
      },
      {
        "model": "simatic it production suite",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "7.1"
      },
      {
        "model": "simatic it lms all",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic it ua discrete manufacturing",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "2.4"
      },
      {
        "model": "simatic it production suite upd3",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "7.1.*\u003c7.1"
      },
      {
        "model": "simatic it production suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "7.1"
      },
      {
        "model": "simatic it production suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic it lms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "telecontrol server basic",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "3.1"
      },
      {
        "model": "simatic it ua discrete manufacturing",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "2.4"
      },
      {
        "model": "simatic it production suite upd3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "7.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic it line monitoring system",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic it production suite",
        "version": "v7.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic it ua discrete manufacturing",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic it ua discrete manufacturing",
        "version": "v1.3"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic it ua discrete manufacturing",
        "version": "v2.3"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic it ua discrete manufacturing",
        "version": "v2.4"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d82d140-463f-11e9-9d7d-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25912"
      },
      {
        "db": "BID",
        "id": "105924"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014497"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-13804"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_it_ua_discrete_manufacturing:v2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_it_ua_discrete_manufacturing:v1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_it_ua_discrete_manufacturing:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "v1.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_it_production_suite:v7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_it_ua_discrete_manufacturing:v2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_it_line_monitoring_system:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-13804"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "105924"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-13804",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 9.3,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2018-13804",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 4.9,
            "id": "CNVD-2018-25912",
            "impactScore": 9.5,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 4.9,
            "id": "7d82d140-463f-11e9-9d7d-000c29342cb1",
            "impactScore": 9.5,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-123900",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.1,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2018-13804",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-13804",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-25912",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201811-484",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "7d82d140-463f-11e9-9d7d-000c29342cb1",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-123900",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d82d140-463f-11e9-9d7d-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25912"
      },
      {
        "db": "VULHUB",
        "id": "VHN-123900"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014497"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-13804"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-484"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in SIMATIC IT LMS (All versions), SIMATIC IT Production Suite (Versions V7.1 \u003c V7.1 Upd3), SIMATIC IT UA Discrete Manufacturing (Versions \u003c V1.2), SIMATIC IT UA Discrete Manufacturing (Versions V1.2), SIMATIC IT UA Discrete Manufacturing (Versions V1.3), SIMATIC IT UA Discrete Manufacturing (Versions V2.3), SIMATIC IT UA Discrete Manufacturing (Versions V2.4). An attacker with network access to the installation could bypass the application-level authentication. In order to exploit the vulnerability, an attacker must obtain network access to an affected installation and must obtain a valid username to the system. Successful exploitation requires no user privileges and no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this vulnerability was known. SIMATIC IT LMS , SIMATIC IT Production Suite , SIMATIC IT UA Discrete Manufacturing Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Siemens SIMATIC IT LMS is a line monitoring system for overall equipment performance (OEE). The SIMATIC IT Production Suite is a factory production management suite. This may aid in further attacks. # ICS Advisory (ICSA-18-317-07) ## Siemens SIMATIC IT Production Suite Original release date: November 13, 2018 [Print Document](javascript:window.print\\(\\);) [Tweet](https://twitter.com/share?url=https%3A%2F%2Fus- cert.cisa.gov%2Fics%2Fadvisories%2FICSA-18-317-07) [Like Me](https://www.facebook.com/sharer.php?u=https%3A%2F%2Fus- cert.cisa.gov%2Fics%2Fadvisories%2FICSA-18-317-07) [Share](http://www.addthis.com/bookmark.php?url=https%3A%2F%2Fus- cert.cisa.gov%2Fics%2Fadvisories%2FICSA-18-317-07) ### Legal Notice All information products included in [https://us-cert.gov/ics](/ics) are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information..",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-13804"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014497"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25912"
      },
      {
        "db": "BID",
        "id": "105924"
      },
      {
        "db": "IVD",
        "id": "7d82d140-463f-11e9-9d7d-000c29342cb1"
      },
      {
        "db": "VULHUB",
        "id": "VHN-123900"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-13804",
        "trust": 3.6
      },
      {
        "db": "BID",
        "id": "105924",
        "trust": 2.0
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-18-317-07",
        "trust": 1.7
      },
      {
        "db": "SIEMENS",
        "id": "SSA-886615",
        "trust": 1.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25912",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-484",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014497",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "7D82D140-463F-11E9-9D7D-000C29342CB1",
        "trust": 0.2
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-98857",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-123900",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d82d140-463f-11e9-9d7d-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25912"
      },
      {
        "db": "VULHUB",
        "id": "VHN-123900"
      },
      {
        "db": "BID",
        "id": "105924"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014497"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-13804"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-484"
      }
    ]
  },
  "id": "VAR-201812-0341",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "7d82d140-463f-11e9-9d7d-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25912"
      },
      {
        "db": "VULHUB",
        "id": "VHN-123900"
      }
    ],
    "trust": 1.575
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d82d140-463f-11e9-9d7d-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25912"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:43:31.246000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-886615",
        "trust": 0.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-886615.pdf"
      },
      {
        "title": "Patch for Siemens SIMATIC IT LMS, SIMATIC IT Production Suite and SIMATIC IT UA Discrete Manufacturing Authorization Issue Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/147647"
      },
      {
        "title": "Siemens SIMATIC IT LMS , SIMATIC IT Production Suite  and SIMATIC IT UA Discrete Manufacturing Remediation measures for authorization problem vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=86885"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-25912"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014497"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-484"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-284",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-123900"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014497"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-13804"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-317-07"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/105924"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-886615.pdf"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13804"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-13804"
      },
      {
        "trust": 0.3,
        "url": "http://www.siemens.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-25912"
      },
      {
        "db": "VULHUB",
        "id": "VHN-123900"
      },
      {
        "db": "BID",
        "id": "105924"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014497"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-13804"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-484"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "7d82d140-463f-11e9-9d7d-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25912"
      },
      {
        "db": "VULHUB",
        "id": "VHN-123900"
      },
      {
        "db": "BID",
        "id": "105924"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014497"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-13804"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-484"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-12-20T00:00:00",
        "db": "IVD",
        "id": "7d82d140-463f-11e9-9d7d-000c29342cb1"
      },
      {
        "date": "2018-12-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-25912"
      },
      {
        "date": "2018-12-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-123900"
      },
      {
        "date": "2018-11-13T00:00:00",
        "db": "BID",
        "id": "105924"
      },
      {
        "date": "2019-03-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-014497"
      },
      {
        "date": "2018-12-13T16:29:00.210000",
        "db": "NVD",
        "id": "CVE-2018-13804"
      },
      {
        "date": "2018-11-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201811-484"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-12-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-25912"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-123900"
      },
      {
        "date": "2018-11-13T00:00:00",
        "db": "BID",
        "id": "105924"
      },
      {
        "date": "2019-03-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-014497"
      },
      {
        "date": "2019-10-09T23:34:32.683000",
        "db": "NVD",
        "id": "CVE-2018-13804"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201811-484"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-484"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  SIMATIC Access control vulnerabilities in products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014497"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Access control error",
    "sources": [
      {
        "db": "IVD",
        "id": "7d82d140-463f-11e9-9d7d-000c29342cb1"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-484"
      }
    ],
    "trust": 0.8
  }
}

var-202007-1237
Vulnerability from variot

A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions < V2.6), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). Sending a specially crafted packet to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself. Multiple Siemens products contain input validation vulnerabilities.Denial of service (DoS) It may be put in a state. An input validation error vulnerability exists in . The vulnerability stems from the failure of the network system or product to properly validate the input data. The following products and versions are affected:

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202007-1237",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "simatic step 7",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "15"
      },
      {
        "model": "simocode es",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "soft starter es",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "opcenter intelligence",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic notifier server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic it production suite",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic pcs neo",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "opcenter execution discrete",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.2"
      },
      {
        "model": "simatic step 7",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "15.1"
      },
      {
        "model": "opcenter quality",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "11.3"
      },
      {
        "model": "simatic it lms",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic step 7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "16"
      },
      {
        "model": "opcenter rd\\\u0026l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "8.0"
      },
      {
        "model": "opcenter execution foundation",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.2"
      },
      {
        "model": "opcenter execution process",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.2"
      },
      {
        "model": "opcenter execution discrete",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": "3.2"
      },
      {
        "model": "opcenter execution foundation",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": "3.2"
      },
      {
        "model": "opcenter execution process",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": "3.2"
      },
      {
        "model": "opcenter intelligence",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "opcenter quality",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": "11.3"
      },
      {
        "model": "opcenter rd\u002626l",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": "8.0"
      },
      {
        "model": "simatic it lms",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "simatic it production suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "simatic notifier server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "simatic pcs neo",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": "3.0 sp1"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008065"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7588"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs_neo:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:opcenter_execution_discrete:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:opcenter_execution_foundation:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:opcenter_execution_process:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:opcenter_intelligence:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:opcenter_quality:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:opcenter_rd\\\u0026l:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_step_7:16:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:soft_starter_es:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simocode_es:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_notifier_server:*:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_it_lms:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_it_production_suite:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_step_7:16:update_1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_step_7:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "15.1",
                "versionStartIncluding": "15",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-7588"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Victor Fidalgo of INCIBE and Reid Wightman of Dragos reported these vulnerabilities to Siemens.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-580"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2020-7588",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2020-7588",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-185713",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "Low",
            "baseScore": 5.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2020-7588",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-7588",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202007-580",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-185713",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-7588",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-185713"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-7588"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008065"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7588"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-580"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in Opcenter Execution Discrete (All versions \u003c V3.2), Opcenter Execution Foundation (All versions \u003c V3.2), Opcenter Execution Process (All versions \u003c V3.2), Opcenter Intelligence (All versions \u003c V3.3), Opcenter Quality (All versions \u003c V11.3), Opcenter RD\u0026L (V8.0), SIMATIC IT LMS (All versions \u003c V2.6), SIMATIC IT Production Suite (All versions \u003c V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions \u003c V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions \u003c V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions \u003c V16 Update 2), SIMOCODE ES V15.1 (All versions \u003c V15.1 Update 4), SIMOCODE ES V16 (All versions \u003c V16 Update 1), Soft Starter ES V15.1 (All versions \u003c V15.1 Update 3), Soft Starter ES V16 (All versions \u003c V16 Update 1). Sending a specially crafted packet to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself. Multiple Siemens products contain input validation vulnerabilities.Denial of service (DoS) It may be put in a state. An input validation error vulnerability exists in . The vulnerability stems from the failure of the network system or product to properly validate the input data. The following products and versions are affected:",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-7588"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008065"
      },
      {
        "db": "VULHUB",
        "id": "VHN-185713"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-7588"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-7588",
        "trust": 2.6
      },
      {
        "db": "SIEMENS",
        "id": "SSA-841348",
        "trust": 1.8
      },
      {
        "db": "JVN",
        "id": "JVNVU97872642",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008065",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-580",
        "trust": 0.7
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-196-05",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2393.2",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2393",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-54361",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-185713",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-7588",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-185713"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-7588"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008065"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7588"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-580"
      }
    ]
  },
  "id": "VAR-202007-1237",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-185713"
      }
    ],
    "trust": 0.60384615
  },
  "last_update_date": "2023-12-18T11:58:10.862000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-841348",
        "trust": 0.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf"
      },
      {
        "title": "Siemens Security Advisories: Siemens Security Advisory",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=2c5193074a957cb3ecdc0e93e2ad86b5"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2020-7588 "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-7588"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008065"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.1
      },
      {
        "problemtype": "Incorrect input confirmation (CWE-20) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-185713"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008065"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7588"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7588"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu97872642/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2393.2/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2393/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/simatic-multiple-vulnerabilities-via-umc-stack-32813"
      },
      {
        "trust": 0.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-05"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/20.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2020-7588"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://cert-portal.siemens.com/productcert/txt/ssa-841348.txt"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-185713"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-7588"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008065"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7588"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-580"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-185713"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-7588"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008065"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7588"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-580"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-07-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-185713"
      },
      {
        "date": "2020-07-14T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-7588"
      },
      {
        "date": "2020-09-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-008065"
      },
      {
        "date": "2020-07-14T14:15:18.993000",
        "db": "NVD",
        "id": "CVE-2020-7588"
      },
      {
        "date": "2020-07-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202007-580"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-01-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-185713"
      },
      {
        "date": "2023-01-30T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-7588"
      },
      {
        "date": "2020-09-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-008065"
      },
      {
        "date": "2023-01-30T19:52:34.590000",
        "db": "NVD",
        "id": "CVE-2020-7588"
      },
      {
        "date": "2022-08-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202007-580"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-580"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Input validation vulnerabilities in multiple Siemens products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008065"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-580"
      }
    ],
    "trust": 0.6
  }
}

cve-2020-7587
Vulnerability from cvelistv5
Published
2020-07-14 13:18
Modified
2024-08-04 09:33
Severity ?
Summary
A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions < V2.6), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). Sending multiple specially crafted packets to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself. On some cases the vulnerability could leak random information from the remote service.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:33:19.877Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Opcenter Execution Discrete",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2"
            }
          ]
        },
        {
          "product": "Opcenter Execution Foundation",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2"
            }
          ]
        },
        {
          "product": "Opcenter Execution Process",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2"
            }
          ]
        },
        {
          "product": "Opcenter Intelligence",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.3"
            }
          ]
        },
        {
          "product": "Opcenter Quality",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V11.3"
            }
          ]
        },
        {
          "product": "Opcenter RD\u0026L",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "V8.0"
            }
          ]
        },
        {
          "product": "SIMATIC IT LMS",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.6"
            }
          ]
        },
        {
          "product": "SIMATIC IT Production Suite",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V8.0"
            }
          ]
        },
        {
          "product": "SIMATIC Notifier Server for Windows",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "SIMATIC PCS neo",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.0 SP1"
            }
          ]
        },
        {
          "product": "SIMATIC STEP 7 (TIA Portal) V15",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V15.1 Update 5"
            }
          ]
        },
        {
          "product": "SIMATIC STEP 7 (TIA Portal) V16",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V16 Update 2"
            }
          ]
        },
        {
          "product": "SIMOCODE ES V15.1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V15.1 Update 4"
            }
          ]
        },
        {
          "product": "SIMOCODE ES V16",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V16 Update 1"
            }
          ]
        },
        {
          "product": "Soft Starter ES V15.1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V15.1 Update 3"
            }
          ]
        },
        {
          "product": "Soft Starter ES V16",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V16 Update 1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in Opcenter Execution Discrete (All versions \u003c V3.2), Opcenter Execution Foundation (All versions \u003c V3.2), Opcenter Execution Process (All versions \u003c V3.2), Opcenter Intelligence (All versions \u003c V3.3), Opcenter Quality (All versions \u003c V11.3), Opcenter RD\u0026L (V8.0), SIMATIC IT LMS (All versions \u003c V2.6), SIMATIC IT Production Suite (All versions \u003c V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions \u003c V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions \u003c V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions \u003c V16 Update 2), SIMOCODE ES V15.1 (All versions \u003c V15.1 Update 4), SIMOCODE ES V16 (All versions \u003c V16 Update 1), Soft Starter ES V15.1 (All versions \u003c V15.1 Update 3), Soft Starter ES V16 (All versions \u003c V16 Update 1). Sending multiple specially crafted packets to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself. On some cases the vulnerability could leak random information from the remote service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-10T11:16:51",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2020-7587",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Opcenter Execution Discrete",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V3.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Opcenter Execution Foundation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V3.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Opcenter Execution Process",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V3.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Opcenter Intelligence",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V3.3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Opcenter Quality",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V11.3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Opcenter RD\u0026L",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "V8.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC IT LMS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V2.6"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC IT Production Suite",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V8.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC Notifier Server for Windows",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC PCS neo",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V3.0 SP1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC STEP 7 (TIA Portal) V15",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V15.1 Update 5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC STEP 7 (TIA Portal) V16",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V16 Update 2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMOCODE ES V15.1",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V15.1 Update 4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMOCODE ES V16",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V16 Update 1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Soft Starter ES V15.1",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V15.1 Update 3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Soft Starter ES V16",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V16 Update 1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability has been identified in Opcenter Execution Discrete (All versions \u003c V3.2), Opcenter Execution Foundation (All versions \u003c V3.2), Opcenter Execution Process (All versions \u003c V3.2), Opcenter Intelligence (All versions \u003c V3.3), Opcenter Quality (All versions \u003c V11.3), Opcenter RD\u0026L (V8.0), SIMATIC IT LMS (All versions \u003c V2.6), SIMATIC IT Production Suite (All versions \u003c V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions \u003c V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions \u003c V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions \u003c V16 Update 2), SIMOCODE ES V15.1 (All versions \u003c V15.1 Update 4), SIMOCODE ES V16 (All versions \u003c V16 Update 1), Soft Starter ES V15.1 (All versions \u003c V15.1 Update 3), Soft Starter ES V16 (All versions \u003c V16 Update 1). Sending multiple specially crafted packets to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself. On some cases the vulnerability could leak random information from the remote service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-400: Uncontrolled Resource Consumption"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf",
              "refsource": "MISC",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2020-7587",
    "datePublished": "2020-07-14T13:18:05",
    "dateReserved": "2020-01-21T00:00:00",
    "dateUpdated": "2024-08-04T09:33:19.877Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-7588
Vulnerability from cvelistv5
Published
2020-07-14 13:18
Modified
2024-08-04 09:33
Severity ?
Summary
A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions < V2.6), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). Sending a specially crafted packet to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:33:19.850Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Opcenter Execution Discrete",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2"
            }
          ]
        },
        {
          "product": "Opcenter Execution Foundation",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2"
            }
          ]
        },
        {
          "product": "Opcenter Execution Process",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2"
            }
          ]
        },
        {
          "product": "Opcenter Intelligence",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.3"
            }
          ]
        },
        {
          "product": "Opcenter Quality",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V11.3"
            }
          ]
        },
        {
          "product": "Opcenter RD\u0026L",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "V8.0"
            }
          ]
        },
        {
          "product": "SIMATIC IT LMS",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.6"
            }
          ]
        },
        {
          "product": "SIMATIC IT Production Suite",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V8.0"
            }
          ]
        },
        {
          "product": "SIMATIC Notifier Server for Windows",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "SIMATIC PCS neo",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.0 SP1"
            }
          ]
        },
        {
          "product": "SIMATIC STEP 7 (TIA Portal) V15",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V15.1 Update 5"
            }
          ]
        },
        {
          "product": "SIMATIC STEP 7 (TIA Portal) V16",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V16 Update 2"
            }
          ]
        },
        {
          "product": "SIMOCODE ES V15.1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V15.1 Update 4"
            }
          ]
        },
        {
          "product": "SIMOCODE ES V16",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V16 Update 1"
            }
          ]
        },
        {
          "product": "Soft Starter ES V15.1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V15.1 Update 3"
            }
          ]
        },
        {
          "product": "Soft Starter ES V16",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V16 Update 1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in Opcenter Execution Discrete (All versions \u003c V3.2), Opcenter Execution Foundation (All versions \u003c V3.2), Opcenter Execution Process (All versions \u003c V3.2), Opcenter Intelligence (All versions \u003c V3.3), Opcenter Quality (All versions \u003c V11.3), Opcenter RD\u0026L (V8.0), SIMATIC IT LMS (All versions \u003c V2.6), SIMATIC IT Production Suite (All versions \u003c V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions \u003c V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions \u003c V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions \u003c V16 Update 2), SIMOCODE ES V15.1 (All versions \u003c V15.1 Update 4), SIMOCODE ES V16 (All versions \u003c V16 Update 1), Soft Starter ES V15.1 (All versions \u003c V15.1 Update 3), Soft Starter ES V16 (All versions \u003c V16 Update 1). Sending a specially crafted packet to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-10T11:16:56",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2020-7588",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Opcenter Execution Discrete",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V3.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Opcenter Execution Foundation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V3.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Opcenter Execution Process",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V3.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Opcenter Intelligence",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V3.3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Opcenter Quality",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V11.3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Opcenter RD\u0026L",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "V8.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC IT LMS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V2.6"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC IT Production Suite",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V8.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC Notifier Server for Windows",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC PCS neo",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V3.0 SP1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC STEP 7 (TIA Portal) V15",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V15.1 Update 5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC STEP 7 (TIA Portal) V16",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V16 Update 2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMOCODE ES V15.1",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V15.1 Update 4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMOCODE ES V16",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V16 Update 1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Soft Starter ES V15.1",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V15.1 Update 3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Soft Starter ES V16",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V16 Update 1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability has been identified in Opcenter Execution Discrete (All versions \u003c V3.2), Opcenter Execution Foundation (All versions \u003c V3.2), Opcenter Execution Process (All versions \u003c V3.2), Opcenter Intelligence (All versions \u003c V3.3), Opcenter Quality (All versions \u003c V11.3), Opcenter RD\u0026L (V8.0), SIMATIC IT LMS (All versions \u003c V2.6), SIMATIC IT Production Suite (All versions \u003c V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions \u003c V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions \u003c V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions \u003c V16 Update 2), SIMOCODE ES V15.1 (All versions \u003c V15.1 Update 4), SIMOCODE ES V16 (All versions \u003c V16 Update 1), Soft Starter ES V15.1 (All versions \u003c V15.1 Update 3), Soft Starter ES V16 (All versions \u003c V16 Update 1). Sending a specially crafted packet to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20: Improper Input Validation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf",
              "refsource": "MISC",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2020-7588",
    "datePublished": "2020-07-14T13:18:05",
    "dateReserved": "2020-01-21T00:00:00",
    "dateUpdated": "2024-08-04T09:33:19.850Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}