cve-2020-7580
Vulnerability from cvelistv5
Published
2020-06-10 00:00
Modified
2024-08-04 09:33
Severity ?
Summary
A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Upd3), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC ProSave (All versions < V17), SIMATIC S7-1500 Software Controller (All versions < V21.8), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2 Update 4), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMATIC STEP 7 V5 (All versions < V5.6 SP2 HF3), SIMATIC WinCC OA V3.16 (All versions < V3.16 P018), SIMATIC WinCC OA V3.17 (All versions < V3.17 P003), SIMATIC WinCC Runtime Advanced (All versions < V16 Update 2), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2 Update 4), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Update 5), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 3), SINAMICS STARTER (All Versions < V5.4 HF2), SINAMICS Startdrive (All Versions < V16 Update 3), SINEC NMS (All versions < V1.0 SP2), SINEMA Server (All versions < V14 SP3), SINUMERIK ONE virtual (All Versions < V6.14), SINUMERIK Operate (All Versions < V6.14). A common component used by the affected applications regularly calls a helper binary with SYSTEM privileges while the call path is not quoted. This could allow a local attacker to execute arbitrary code with SYTEM privileges.
References
productcert@siemens.comhttps://cert-portal.siemens.com/productcert/pdf/ssa-312271.pdfVendor Advisory
productcert@siemens.comhttps://us-cert.cisa.gov/ics/advisories/icsa-20-161-04Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108https://cert-portal.siemens.com/productcert/pdf/ssa-312271.pdfVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://us-cert.cisa.gov/ics/advisories/icsa-20-161-04Third Party Advisory, US Government Resource
Impacted products
Vendor Product Version
Siemens SIMATIC Automation Tool Version: All versions < V4 SP2
 Create a notification for this product.
   Siemens SIMATIC NET PC Software V14 Version: All versions < V14 SP1 Update 14
 Create a notification for this product.
   Siemens SIMATIC NET PC Software V15 Version: All versions
 Create a notification for this product.
   Siemens SIMATIC NET PC Software V16 Version: All versions < V16 Upd3
 Create a notification for this product.
   Siemens SIMATIC PCS neo Version: All versions < V3.0 SP1
 Create a notification for this product.
   Siemens SIMATIC ProSave Version: All versions < V17
 Create a notification for this product.
   Siemens SIMATIC S7-1500 Software Controller Version: All versions < V21.8
 Create a notification for this product.
   Siemens SIMATIC STEP 7 (TIA Portal) V13 Version: All versions < V13 SP2 Update 4
 Create a notification for this product.
   Siemens SIMATIC STEP 7 (TIA Portal) V14 Version: All versions < V14 SP1 Update 10
 Create a notification for this product.
   Siemens SIMATIC STEP 7 (TIA Portal) V15 Version: All versions < V15.1 Update 5
 Create a notification for this product.
   Siemens SIMATIC STEP 7 (TIA Portal) V16 Version: All versions < V16 Update 2
 Create a notification for this product.
   Siemens SIMATIC STEP 7 V5 Version: All versions < V5.6 SP2 HF3
 Create a notification for this product.
   Siemens SIMATIC WinCC OA V3.16 Version: All versions < V3.16 P018
 Create a notification for this product.
   Siemens SIMATIC WinCC OA V3.17 Version: All versions < V3.17 P003
 Create a notification for this product.
   Siemens SIMATIC WinCC Runtime Advanced Version: All versions < V16 Update 2
 Create a notification for this product.
   Siemens SIMATIC WinCC Runtime Professional V13 Version: All versions < V13 SP2 Update 4
 Create a notification for this product.
   Siemens SIMATIC WinCC Runtime Professional V14 Version: All versions < V14 SP1 Update 10
 Create a notification for this product.
   Siemens SIMATIC WinCC Runtime Professional V15 Version: All versions < V15.1 Update 5
 Create a notification for this product.
   Siemens SIMATIC WinCC Runtime Professional V16 Version: All versions < V16 Update 2
 Create a notification for this product.
   Siemens SIMATIC WinCC V7.4 Version: All versions < V7.4 SP1 Update 14
 Create a notification for this product.
   Siemens SIMATIC WinCC V7.5 Version: All versions < V7.5 SP1 Update 3
 Create a notification for this product.
   Siemens SINAMICS STARTER Version: All Versions < V5.4 HF2
 Create a notification for this product.
   Siemens SINAMICS Startdrive Version: All Versions < V16 Update 3
 Create a notification for this product.
   Siemens SINEC NMS Version: All versions < V1.0 SP2
 Create a notification for this product.
   Siemens SINEMA Server Version: All versions < V14 SP3
 Create a notification for this product.
   Siemens SINUMERIK ONE virtual Version: All Versions < V6.14
 Create a notification for this product.
   Siemens SINUMERIK Operate Version: All Versions < V6.14
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T09:33:19.492Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://cert-portal.siemens.com/productcert/pdf/ssa-312271.pdf",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-161-04",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "SIMATIC Automation Tool",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4 SP2",
                  },
               ],
            },
            {
               product: "SIMATIC NET PC Software V14",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V14 SP1 Update 14",
                  },
               ],
            },
            {
               product: "SIMATIC NET PC Software V15",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions",
                  },
               ],
            },
            {
               product: "SIMATIC NET PC Software V16",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V16 Upd3",
                  },
               ],
            },
            {
               product: "SIMATIC PCS neo",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V3.0 SP1",
                  },
               ],
            },
            {
               product: "SIMATIC ProSave",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V17",
                  },
               ],
            },
            {
               product: "SIMATIC S7-1500 Software Controller",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V21.8",
                  },
               ],
            },
            {
               product: "SIMATIC STEP 7 (TIA Portal) V13",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V13 SP2 Update 4",
                  },
               ],
            },
            {
               product: "SIMATIC STEP 7 (TIA Portal) V14",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V14 SP1 Update 10",
                  },
               ],
            },
            {
               product: "SIMATIC STEP 7 (TIA Portal) V15",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V15.1 Update 5",
                  },
               ],
            },
            {
               product: "SIMATIC STEP 7 (TIA Portal) V16",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V16 Update 2",
                  },
               ],
            },
            {
               product: "SIMATIC STEP 7 V5",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V5.6 SP2 HF3",
                  },
               ],
            },
            {
               product: "SIMATIC WinCC OA V3.16",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V3.16 P018",
                  },
               ],
            },
            {
               product: "SIMATIC WinCC OA V3.17",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V3.17 P003",
                  },
               ],
            },
            {
               product: "SIMATIC WinCC Runtime Advanced",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V16 Update 2",
                  },
               ],
            },
            {
               product: "SIMATIC WinCC Runtime Professional V13",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V13 SP2 Update 4",
                  },
               ],
            },
            {
               product: "SIMATIC WinCC Runtime Professional V14",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V14 SP1 Update 10",
                  },
               ],
            },
            {
               product: "SIMATIC WinCC Runtime Professional V15",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V15.1 Update 5",
                  },
               ],
            },
            {
               product: "SIMATIC WinCC Runtime Professional V16",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V16 Update 2",
                  },
               ],
            },
            {
               product: "SIMATIC WinCC V7.4",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V7.4 SP1 Update 14",
                  },
               ],
            },
            {
               product: "SIMATIC WinCC V7.5",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V7.5 SP1 Update 3",
                  },
               ],
            },
            {
               product: "SINAMICS STARTER",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All Versions < V5.4 HF2",
                  },
               ],
            },
            {
               product: "SINAMICS Startdrive",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All Versions < V16 Update 3",
                  },
               ],
            },
            {
               product: "SINEC NMS",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V1.0 SP2",
                  },
               ],
            },
            {
               product: "SINEMA Server",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V14 SP3",
                  },
               ],
            },
            {
               product: "SINUMERIK ONE virtual",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All Versions < V6.14",
                  },
               ],
            },
            {
               product: "SINUMERIK Operate",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All Versions < V6.14",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Upd3), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC ProSave (All versions < V17), SIMATIC S7-1500 Software Controller (All versions < V21.8), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2 Update 4), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMATIC STEP 7 V5 (All versions < V5.6 SP2 HF3), SIMATIC WinCC OA V3.16 (All versions < V3.16 P018), SIMATIC WinCC OA V3.17 (All versions < V3.17 P003), SIMATIC WinCC Runtime Advanced (All versions < V16 Update 2), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2 Update 4), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Update 5), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 3), SINAMICS STARTER (All Versions < V5.4 HF2), SINAMICS Startdrive (All Versions < V16 Update 3), SINEC NMS (All versions < V1.0 SP2), SINEMA Server (All versions < V14 SP3), SINUMERIK ONE virtual (All Versions < V6.14), SINUMERIK Operate (All Versions < V6.14). A common component used by the affected applications regularly calls a helper binary with SYSTEM privileges while the call path is not quoted. This could allow a local attacker to execute arbitrary code with SYTEM privileges.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-428",
                     description: "CWE-428: Unquoted Search Path or Element",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-12-13T00:00:00",
            orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            shortName: "siemens",
         },
         references: [
            {
               url: "https://cert-portal.siemens.com/productcert/pdf/ssa-312271.pdf",
            },
            {
               url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-161-04",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
      assignerShortName: "siemens",
      cveId: "CVE-2020-7580",
      datePublished: "2020-06-10T00:00:00",
      dateReserved: "2020-01-21T00:00:00",
      dateUpdated: "2024-08-04T09:33:19.492Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      fkie_nvd: {
         configurations: "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_automatic_tool:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A659B687-1038-42F5-B8AC-A394E41D22A8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_net_pc:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"16\", \"matchCriteriaId\": \"744B5953-511F-42CA-80A0-DBE36A6AA144\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_net_pc:16:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"496E3C43-5DA8-4983-8AC6-0F32454E22F3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_net_pc:16:update1:*:*:*:*:*:*\", \"matchCriteriaId\": \"17BCC3CD-61D0-416D-A241-D35AF8EE5BF8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_pcs_7:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"13E3BDF0-B691-4A97-A74A-A65EC910480E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_pcs_neo:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D61D4B81-7F51-49BE-83DD-D2C28D23B0EA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_prosave:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CB7752CF-D754-4A78-999B-45FE379E03DE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_s7-1500_software_controller:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"21.8\", \"matchCriteriaId\": \"658E1A3F-29D6-48D2-BCCE-0BCC41AC49F6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_step_7:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"5.6\", \"matchCriteriaId\": \"CAF09D6E-3375-4731-B16D-30B7592EA5FB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_step_7:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13\", \"versionEndIncluding\": \"16\", \"matchCriteriaId\": \"1A3CA33C-AFAB-418F-870F-0236B8E55943\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_step_7:5.6:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"851F8474-4568-487D-98FB-47DF7EAEAC3B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_step_7:5.6:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"81EADA2F-884C-4D72-8489-71025B3EBAEE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_step_7:5.6:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"78366D2F-B728-47F6-B539-5FB2D1B0419D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_step_7:5.6:sp2_hotfix1:*:*:*:*:*:*\", \"matchCriteriaId\": \"06A86DA0-BC1F-4306-B02E-ED2FA36BE273\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_wincc:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"7.4\", \"matchCriteriaId\": \"3F39B396-140B-4005-9A61-F984C9FAF742\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_wincc:7.4:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"3B0BD5DE-C6EF-4B89-831B-DA34DB0D68F6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_wincc:7.4:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"2637C346-8AAF-481F-AFB0-BAD4254D14F4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update1:*:*:*:*:*:*\", \"matchCriteriaId\": \"BF8404AB-579E-4C6B-BCA7-E95F2CE24F7D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update10:*:*:*:*:*:*\", \"matchCriteriaId\": \"88F6B3BF-727F-432E-89D8-37FB7C76FE2B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update11:*:*:*:*:*:*\", \"matchCriteriaId\": \"62EB588C-CBB4-4B17-9BB5-B14B1FC6BB21\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update12:*:*:*:*:*:*\", \"matchCriteriaId\": \"AF3F613C-6707-4517-B4B8-530C912B79E6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update13:*:*:*:*:*:*\", \"matchCriteriaId\": \"590F62CE-9245-4AC9-9FBC-35136E217B0E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update2:*:*:*:*:*:*\", \"matchCriteriaId\": \"241D5A28-FB22-4C5B-A067-733168E847BF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update3:*:*:*:*:*:*\", \"matchCriteriaId\": \"A5418F92-84A9-439C-B86C-ED5820697603\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update4:*:*:*:*:*:*\", \"matchCriteriaId\": \"40631FBD-116B-4589-B77A-6C5A69990F73\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update5:*:*:*:*:*:*\", \"matchCriteriaId\": \"64B14972-6163-4D44-A9C6-16328E02AC69\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update6:*:*:*:*:*:*\", \"matchCriteriaId\": \"8929E926-740F-4F17-B52C-4C73914B1818\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update7:*:*:*:*:*:*\", \"matchCriteriaId\": \"D4F72666-D10A-4EB2-80D3-18B04C101256\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update8:*:*:*:*:*:*\", \"matchCriteriaId\": \"0E343221-1E1A-4EE7-80AE-AB24E2244BA0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update9:*:*:*:*:*:*\", \"matchCriteriaId\": \"1BF716D7-0A77-400F-9B43-64FBE3E65735\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_wincc:7.5:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"E79DA14E-419C-49BA-8E4F-2907E1D8937F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_wincc:7.5:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"81F9C13C-065C-4E40-BB46-687D791348A9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_wincc:7.5:sp1_update1:*:*:*:*:*:*\", \"matchCriteriaId\": \"5CF06E69-0A23-418D-B0EC-574DACBB4DD9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_wincc:7.5:sp1_update2:*:*:*:*:*:*\", \"matchCriteriaId\": \"9164EAC1-C416-4F1F-A910-CE84A167A6D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_wincc_open_architecture:3.16:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4B9ED7EF-EF58-400F-92C9-3D52D8E39783\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_wincc_open_architecture:3.17:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1C3F9210-7A1E-4B10-B384-119FD5733A86\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_wincc_runtime_advanced:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"79EE15DC-74D3-4551-AAD0-EA0CB600DA76\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_wincc_runtime_professional:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13\", \"versionEndIncluding\": \"16\", \"matchCriteriaId\": \"3C9253AD-BD82-4BB2-84AD-EB1892B60358\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:sinamics_startdrive:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C11DB09A-74E1-45EF-A162-9C1E91F54C04\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:sinamics_starter_commissioning_tool:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1976CDDA-F2AF-4C47-804E-2C1DF44FBF41\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:sinec_network_management_system:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"52F7076E-12F7-4F62-9804-18598C39D3FF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:sinema_server:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C55DA617-6333-40DA-AB7D-EE49A453E143\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:sinumerik_one_virtual:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A607E4B7-2F58-4F68-91EB-16874986E92F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:sinumerik_operate:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BAFC5C25-EC3C-4EB6-B5B2-478AE9CEF10F\"}]}]}]",
         descriptions: "[{\"lang\": \"en\", \"value\": \"A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Upd3), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC ProSave (All versions < V17), SIMATIC S7-1500 Software Controller (All versions < V21.8), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2 Update 4), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMATIC STEP 7 V5 (All versions < V5.6 SP2 HF3), SIMATIC WinCC OA V3.16 (All versions < V3.16 P018), SIMATIC WinCC OA V3.17 (All versions < V3.17 P003), SIMATIC WinCC Runtime Advanced (All versions < V16 Update 2), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2 Update 4), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Update 5), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 3), SINAMICS STARTER (All Versions < V5.4 HF2), SINAMICS Startdrive (All Versions < V16 Update 3), SINEC NMS (All versions < V1.0 SP2), SINEMA Server (All versions < V14 SP3), SINUMERIK ONE virtual (All Versions < V6.14), SINUMERIK Operate (All Versions < V6.14). A common component used by the affected applications regularly calls a helper binary with SYSTEM privileges while the call path is not quoted. This could allow a local attacker to execute arbitrary code with SYTEM privileges.\"}, {\"lang\": \"es\", \"value\": \"Se ha identificado una vulnerabilidad en SIMATIC Automation Tool (Todas las versiones anteriores a la versi\\u00f3n V4 SP2), SIMATIC NET PC Software V14 (Todas las versiones anteriores a la versi\\u00f3n V14 SP1 Update 14), SIMATIC NET PC Software V15 (Todas las versiones), SIMATIC NET PC Software V16 (Todas las versiones anteriores a la versi\\u00f3n V16 Upd3), SIMATIC PCS neo (Todas las versiones anteriores a la versi\\u00f3n V3.0 SP1), SIMATIC ProSave (Todas las versiones anteriores a la versi\\u00f3n V17), SIMATIC S7-1500 Software Controller (Todas las versiones anteriores a la versi\\u00f3n V21. 8), SIMATIC STEP 7 (Todas las versiones anteriores a la versi\\u00f3n V5.6 SP2 HF3), SIMATIC STEP 7 (TIA Portal) V13 (Todas las versiones anteriores a la versi\\u00f3n V13 SP2 Update 4), SIMATIC STEP 7 (TIA Portal) V14 (Todas las versiones anteriores a la versi\\u00f3n V14 SP1 Update 10), SIMATIC STEP 7 (TIA Portal) V15 (Todas las versiones anteriores a la versi\\u00f3n V15. 1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (Todas las versiones anteriores a la versi\\u00f3n V16 Update 2), SIMATIC WinCC OA V3.16 (Todas las versiones anteriores a la versi\\u00f3n V3.16 P018), SIMATIC WinCC OA V3. 17 (Todas las versiones anteriores a la versi\\u00f3n V3.17 P003), SIMATIC WinCC Runtime Advanced (Todas las versiones anteriores a la versi\\u00f3n V16 Update 2), SIMATIC WinCC Runtime Professional V13 (Todas las versiones anteriores a la versi\\u00f3n V13 SP2 Update 4), SIMATIC WinCC Runtime Professional V14 (Todas las versiones anteriores a la versi\\u00f3n V14 SP1 Update 10), SIMATIC WinCC Runtime Professional V15 (Todas las versiones anteriores a la versi\\u00f3n V15.1 Update 5), SIMATIC WinCC Runtime Professional V16 (Todas las versiones anteriores a la versi\\u00f3n V16 Update 2), SIMATIC WinCC V7. 4 (Todas las versiones anteriores a la versi\\u00f3n V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (Todas las versiones anteriores a la versi\\u00f3n V7.5 SP1 Update 3), SINAMICS STARTER (Todas las versiones anteriores a la versi\\u00f3n V5.4 HF2), SINAMICS Startdrive (Todas las versiones anteriores a la versi\\u00f3n V16 Update 3), SINEC NMS (Todas las versiones anteriores a la versi\\u00f3n V1. 0 SP2), SINEMA Server (Todas las versiones anteriores a la versi\\u00f3n V14 SP3), SINUMERIK ONE virtual (Todas las versiones anteriores a la versi\\u00f3n V6.14), SINUMERIK Operate (Todas las versiones anteriores a la versi\\u00f3n V6.14). Un componente dentro de la aplicaci\\u00f3n afectada llama regularmente a un binario de ayuda con privilegios de SISTEMA mientras la ruta de llamada no est\\u00e1 citada\"}]",
         id: "CVE-2020-7580",
         lastModified: "2024-11-21T05:37:24.840",
         metrics: "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 6.7, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 0.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.2, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 3.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
         published: "2020-06-10T17:15:12.347",
         references: "[{\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-312271.pdf\", \"source\": \"productcert@siemens.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://us-cert.cisa.gov/ics/advisories/icsa-20-161-04\", \"source\": \"productcert@siemens.com\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-312271.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://us-cert.cisa.gov/ics/advisories/icsa-20-161-04\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}]",
         sourceIdentifier: "productcert@siemens.com",
         vulnStatus: "Modified",
         weaknesses: "[{\"source\": \"productcert@siemens.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-428\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-428\"}]}]",
      },
      nvd: "{\"cve\":{\"id\":\"CVE-2020-7580\",\"sourceIdentifier\":\"productcert@siemens.com\",\"published\":\"2020-06-10T17:15:12.347\",\"lastModified\":\"2024-11-21T05:37:24.840\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Upd3), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC ProSave (All versions < V17), SIMATIC S7-1500 Software Controller (All versions < V21.8), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2 Update 4), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMATIC STEP 7 V5 (All versions < V5.6 SP2 HF3), SIMATIC WinCC OA V3.16 (All versions < V3.16 P018), SIMATIC WinCC OA V3.17 (All versions < V3.17 P003), SIMATIC WinCC Runtime Advanced (All versions < V16 Update 2), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2 Update 4), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Update 5), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 3), SINAMICS STARTER (All Versions < V5.4 HF2), SINAMICS Startdrive (All Versions < V16 Update 3), SINEC NMS (All versions < V1.0 SP2), SINEMA Server (All versions < V14 SP3), SINUMERIK ONE virtual (All Versions < V6.14), SINUMERIK Operate (All Versions < V6.14). A common component used by the affected applications regularly calls a helper binary with SYSTEM privileges while the call path is not quoted. This could allow a local attacker to execute arbitrary code with SYTEM privileges.\"},{\"lang\":\"es\",\"value\":\"Se ha identificado una vulnerabilidad en SIMATIC Automation Tool (Todas las versiones anteriores a la versión V4 SP2), SIMATIC NET PC Software V14 (Todas las versiones anteriores a la versión V14 SP1 Update 14), SIMATIC NET PC Software V15 (Todas las versiones), SIMATIC NET PC Software V16 (Todas las versiones anteriores a la versión V16 Upd3), SIMATIC PCS neo (Todas las versiones anteriores a la versión V3.0 SP1), SIMATIC ProSave (Todas las versiones anteriores a la versión V17), SIMATIC S7-1500 Software Controller (Todas las versiones anteriores a la versión V21. 8), SIMATIC STEP 7 (Todas las versiones anteriores a la versión V5.6 SP2 HF3), SIMATIC STEP 7 (TIA Portal) V13 (Todas las versiones anteriores a la versión V13 SP2 Update 4), SIMATIC STEP 7 (TIA Portal) V14 (Todas las versiones anteriores a la versión V14 SP1 Update 10), SIMATIC STEP 7 (TIA Portal) V15 (Todas las versiones anteriores a la versión V15. 1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (Todas las versiones anteriores a la versión V16 Update 2), SIMATIC WinCC OA V3.16 (Todas las versiones anteriores a la versión V3.16 P018), SIMATIC WinCC OA V3. 17 (Todas las versiones anteriores a la versión V3.17 P003), SIMATIC WinCC Runtime Advanced (Todas las versiones anteriores a la versión V16 Update 2), SIMATIC WinCC Runtime Professional V13 (Todas las versiones anteriores a la versión V13 SP2 Update 4), SIMATIC WinCC Runtime Professional V14 (Todas las versiones anteriores a la versión V14 SP1 Update 10), SIMATIC WinCC Runtime Professional V15 (Todas las versiones anteriores a la versión V15.1 Update 5), SIMATIC WinCC Runtime Professional V16 (Todas las versiones anteriores a la versión V16 Update 2), SIMATIC WinCC V7. 4 (Todas las versiones anteriores a la versión V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (Todas las versiones anteriores a la versión V7.5 SP1 Update 3), SINAMICS STARTER (Todas las versiones anteriores a la versión V5.4 HF2), SINAMICS Startdrive (Todas las versiones anteriores a la versión V16 Update 3), SINEC NMS (Todas las versiones anteriores a la versión V1. 0 SP2), SINEMA Server (Todas las versiones anteriores a la versión V14 SP3), SINUMERIK ONE virtual (Todas las versiones anteriores a la versión V6.14), SINUMERIK Operate (Todas las versiones anteriores a la versión V6.14). Un componente dentro de la aplicación afectada llama regularmente a un binario de ayuda con privilegios de SISTEMA mientras la ruta de llamada no está citada\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-428\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-428\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_automatic_tool:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A659B687-1038-42F5-B8AC-A394E41D22A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_net_pc:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"16\",\"matchCriteriaId\":\"744B5953-511F-42CA-80A0-DBE36A6AA144\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_net_pc:16:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"496E3C43-5DA8-4983-8AC6-0F32454E22F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_net_pc:16:update1:*:*:*:*:*:*\",\"matchCriteriaId\":\"17BCC3CD-61D0-416D-A241-D35AF8EE5BF8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_pcs_7:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"13E3BDF0-B691-4A97-A74A-A65EC910480E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_pcs_neo:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D61D4B81-7F51-49BE-83DD-D2C28D23B0EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_prosave:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB7752CF-D754-4A78-999B-45FE379E03DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_s7-1500_software_controller:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"21.8\",\"matchCriteriaId\":\"658E1A3F-29D6-48D2-BCCE-0BCC41AC49F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_step_7:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.6\",\"matchCriteriaId\":\"CAF09D6E-3375-4731-B16D-30B7592EA5FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_step_7:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13\",\"versionEndIncluding\":\"16\",\"matchCriteriaId\":\"1A3CA33C-AFAB-418F-870F-0236B8E55943\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_step_7:5.6:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"851F8474-4568-487D-98FB-47DF7EAEAC3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_step_7:5.6:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"81EADA2F-884C-4D72-8489-71025B3EBAEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_step_7:5.6:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"78366D2F-B728-47F6-B539-5FB2D1B0419D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_step_7:5.6:sp2_hotfix1:*:*:*:*:*:*\",\"matchCriteriaId\":\"06A86DA0-BC1F-4306-B02E-ED2FA36BE273\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_wincc:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.4\",\"matchCriteriaId\":\"3F39B396-140B-4005-9A61-F984C9FAF742\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_wincc:7.4:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B0BD5DE-C6EF-4B89-831B-DA34DB0D68F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_wincc:7.4:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"2637C346-8AAF-481F-AFB0-BAD4254D14F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update1:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF8404AB-579E-4C6B-BCA7-E95F2CE24F7D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update10:*:*:*:*:*:*\",\"matchCriteriaId\":\"88F6B3BF-727F-432E-89D8-37FB7C76FE2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update11:*:*:*:*:*:*\",\"matchCriteriaId\":\"62EB588C-CBB4-4B17-9BB5-B14B1FC6BB21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update12:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF3F613C-6707-4517-B4B8-530C912B79E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update13:*:*:*:*:*:*\",\"matchCriteriaId\":\"590F62CE-9245-4AC9-9FBC-35136E217B0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update2:*:*:*:*:*:*\",\"matchCriteriaId\":\"241D5A28-FB22-4C5B-A067-733168E847BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update3:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5418F92-84A9-439C-B86C-ED5820697603\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update4:*:*:*:*:*:*\",\"matchCriteriaId\":\"40631FBD-116B-4589-B77A-6C5A69990F73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update5:*:*:*:*:*:*\",\"matchCriteriaId\":\"64B14972-6163-4D44-A9C6-16328E02AC69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update6:*:*:*:*:*:*\",\"matchCriteriaId\":\"8929E926-740F-4F17-B52C-4C73914B1818\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update7:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4F72666-D10A-4EB2-80D3-18B04C101256\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update8:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E343221-1E1A-4EE7-80AE-AB24E2244BA0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update9:*:*:*:*:*:*\",\"matchCriteriaId\":\"1BF716D7-0A77-400F-9B43-64FBE3E65735\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_wincc:7.5:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"E79DA14E-419C-49BA-8E4F-2907E1D8937F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_wincc:7.5:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"81F9C13C-065C-4E40-BB46-687D791348A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_wincc:7.5:sp1_update1:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CF06E69-0A23-418D-B0EC-574DACBB4DD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_wincc:7.5:sp1_update2:*:*:*:*:*:*\",\"matchCriteriaId\":\"9164EAC1-C416-4F1F-A910-CE84A167A6D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_wincc_open_architecture:3.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B9ED7EF-EF58-400F-92C9-3D52D8E39783\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_wincc_open_architecture:3.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C3F9210-7A1E-4B10-B384-119FD5733A86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_wincc_runtime_advanced:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"79EE15DC-74D3-4551-AAD0-EA0CB600DA76\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_wincc_runtime_professional:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13\",\"versionEndIncluding\":\"16\",\"matchCriteriaId\":\"3C9253AD-BD82-4BB2-84AD-EB1892B60358\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:sinamics_startdrive:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11DB09A-74E1-45EF-A162-9C1E91F54C04\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:sinamics_starter_commissioning_tool:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1976CDDA-F2AF-4C47-804E-2C1DF44FBF41\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:sinec_network_management_system:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"52F7076E-12F7-4F62-9804-18598C39D3FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:sinema_server:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C55DA617-6333-40DA-AB7D-EE49A453E143\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:sinumerik_one_virtual:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A607E4B7-2F58-4F68-91EB-16874986E92F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:sinumerik_operate:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BAFC5C25-EC3C-4EB6-B5B2-478AE9CEF10F\"}]}]}],\"references\":[{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-312271.pdf\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://us-cert.cisa.gov/ics/advisories/icsa-20-161-04\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-312271.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://us-cert.cisa.gov/ics/advisories/icsa-20-161-04\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}",
   },
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.