Vulnerabilites related to Siemens - SIMATIC STEP 7 (TIA Portal) V14
cve-2020-7580
Vulnerability from cvelistv5
Published
2020-06-10 00:00
Modified
2024-08-04 09:33
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Upd3), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC ProSave (All versions < V17), SIMATIC S7-1500 Software Controller (All versions < V21.8), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2 Update 4), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMATIC STEP 7 V5 (All versions < V5.6 SP2 HF3), SIMATIC WinCC OA V3.16 (All versions < V3.16 P018), SIMATIC WinCC OA V3.17 (All versions < V3.17 P003), SIMATIC WinCC Runtime Advanced (All versions < V16 Update 2), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2 Update 4), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Update 5), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 3), SINAMICS STARTER (All Versions < V5.4 HF2), SINAMICS Startdrive (All Versions < V16 Update 3), SINEC NMS (All versions < V1.0 SP2), SINEMA Server (All versions < V14 SP3), SINUMERIK ONE virtual (All Versions < V6.14), SINUMERIK Operate (All Versions < V6.14). A common component used by the affected applications regularly calls a helper binary with SYSTEM privileges while the call path is not quoted. This could allow a local attacker to execute arbitrary code with SYTEM privileges.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | SIMATIC Automation Tool |
Version: All versions < V4 SP2 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T09:33:19.492Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-312271.pdf", }, { tags: [ "x_transferred", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-161-04", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "SIMATIC Automation Tool", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4 SP2", }, ], }, { product: "SIMATIC NET PC Software V14", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14 SP1 Update 14", }, ], }, { product: "SIMATIC NET PC Software V15", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { product: "SIMATIC NET PC Software V16", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V16 Upd3", }, ], }, { product: "SIMATIC PCS neo", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.0 SP1", }, ], }, { product: "SIMATIC ProSave", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V17", }, ], }, { product: "SIMATIC S7-1500 Software Controller", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V21.8", }, ], }, { product: "SIMATIC STEP 7 (TIA Portal) V13", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13 SP2 Update 4", }, ], }, { product: "SIMATIC STEP 7 (TIA Portal) V14", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14 SP1 Update 10", }, ], }, { product: "SIMATIC STEP 7 (TIA Portal) V15", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V15.1 Update 5", }, ], }, { product: "SIMATIC STEP 7 (TIA Portal) V16", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V16 Update 2", }, ], }, { product: "SIMATIC STEP 7 V5", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V5.6 SP2 HF3", }, ], }, { product: "SIMATIC WinCC OA V3.16", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.16 P018", }, ], }, { product: "SIMATIC WinCC OA V3.17", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.17 P003", }, ], }, { product: "SIMATIC WinCC Runtime Advanced", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V16 Update 2", }, ], }, { product: "SIMATIC WinCC Runtime Professional V13", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13 SP2 Update 4", }, ], }, { product: "SIMATIC WinCC Runtime Professional V14", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14 SP1 Update 10", }, ], }, { product: "SIMATIC WinCC Runtime Professional V15", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V15.1 Update 5", }, ], }, { product: "SIMATIC WinCC Runtime Professional V16", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V16 Update 2", }, ], }, { product: "SIMATIC WinCC V7.4", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V7.4 SP1 Update 14", }, ], }, { product: "SIMATIC WinCC V7.5", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V7.5 SP1 Update 3", }, ], }, { product: "SINAMICS STARTER", vendor: "Siemens", versions: [ { status: "affected", version: "All Versions < V5.4 HF2", }, ], }, { product: "SINAMICS Startdrive", vendor: "Siemens", versions: [ { status: "affected", version: "All Versions < V16 Update 3", }, ], }, { product: "SINEC NMS", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V1.0 SP2", }, ], }, { product: "SINEMA Server", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14 SP3", }, ], }, { product: "SINUMERIK ONE virtual", vendor: "Siemens", versions: [ { status: "affected", version: "All Versions < V6.14", }, ], }, { product: "SINUMERIK Operate", vendor: "Siemens", versions: [ { status: "affected", version: "All Versions < V6.14", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Upd3), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC ProSave (All versions < V17), SIMATIC S7-1500 Software Controller (All versions < V21.8), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2 Update 4), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMATIC STEP 7 V5 (All versions < V5.6 SP2 HF3), SIMATIC WinCC OA V3.16 (All versions < V3.16 P018), SIMATIC WinCC OA V3.17 (All versions < V3.17 P003), SIMATIC WinCC Runtime Advanced (All versions < V16 Update 2), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2 Update 4), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Update 5), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 3), SINAMICS STARTER (All Versions < V5.4 HF2), SINAMICS Startdrive (All Versions < V16 Update 3), SINEC NMS (All versions < V1.0 SP2), SINEMA Server (All versions < V14 SP3), SINUMERIK ONE virtual (All Versions < V6.14), SINUMERIK Operate (All Versions < V6.14). A common component used by the affected applications regularly calls a helper binary with SYSTEM privileges while the call path is not quoted. This could allow a local attacker to execute arbitrary code with SYTEM privileges.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-428", description: "CWE-428: Unquoted Search Path or Element", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-13T00:00:00", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-312271.pdf", }, { url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-161-04", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2020-7580", datePublished: "2020-06-10T00:00:00", dateReserved: "2020-01-21T00:00:00", dateUpdated: "2024-08-04T09:33:19.492Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }