Sign-up

ID

VAR-202006-1520


CVE

CVE-2020-7585


TITLE

Vulnerabilities in uncontrolled search path elements in multiple Siemens products

Trust: 0.8

sources: JVNDB: JVNDB-2020-006491

DESCRIPTION

A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 HF2). A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise the availability of the system as well as to have access to confidential information. Several Siemens products contain vulnerabilities in uncontrolled search path elements.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. A code issue vulnerability exists in several Siemens products

Trust: 1.8

sources: NVD: CVE-2020-7585 // JVNDB: JVNDB-2020-006491 // VULHUB: VHN-185710 // VULMON: CVE-2020-7585

AFFECTED PRODUCTS

vendor:siemensmodel:sinamics starterscope:eqversion:5.4

Trust: 1.0

vendor:siemensmodel:simatic process device managerscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:sinamics starterscope:ltversion:5.4

Trust: 1.0

vendor:siemensmodel:simatic pcs 7scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic step 7scope:eqversion:5.6

Trust: 1.0

vendor:siemensmodel:simatic step 7scope:ltversion:5.6

Trust: 1.0

vendor:siemensmodel:simatic pcs 7scope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic process devise managerscope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic step 7scope: - version: -

Trust: 0.8

vendor:siemensmodel:sinamics starterscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-006491 // NVD: CVE-2020-7585

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-7585
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-006491
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202006-637
value: HIGH

Trust: 0.6

VULHUB: VHN-185710
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-7585
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-7585
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-006491
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-185710
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-7585
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-006491
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-185710 // VULMON: CVE-2020-7585 // JVNDB: JVNDB-2020-006491 // CNNVD: CNNVD-202006-637 // NVD: CVE-2020-7585

PROBLEMTYPE DATA

problemtype:CWE-427

Trust: 1.9

sources: VULHUB: VHN-185710 // JVNDB: JVNDB-2020-006491 // NVD: CVE-2020-7585

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202006-637

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202006-637

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-006491

PATCH
title:SSA-689942url:https://cert-portal.siemens.com/productcert/pdf/ssa-689942.pdf
Trust: 0.8
title:Multiple Siemens Product code issue vulnerability fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121655
Trust: 0.6
title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=a4e9f15cd5160c08e29d73e3ccdb55da
Trust: 0.1
sources:
            
            
            VULMON: CVE-2020-7585 // 
            
            
            
            JVNDB: JVNDB-2020-006491 // 
            
            
            
            CNNVD: CNNVD-202006-637

EXTERNAL IDS
db:NVDid:CVE-2020-7585
Trust: 2.6
db:ICS CERTid:ICSA-20-161-05
Trust: 2.6
db:SIEMENSid:SSA-689942
Trust: 1.8
db:JVNid:JVNVU97501786
Trust: 0.8
db:JVNDBid:JVNDB-2020-006491
Trust: 0.8
db:CNNVDid:CNNVD-202006-637
Trust: 0.7
db:AUSCERTid:ESB-2020.2015
Trust: 0.6
db:VULHUBid:VHN-185710
Trust: 0.1
db:VULMONid:CVE-2020-7585
Trust: 0.1
sources:
            
            
            VULHUB: VHN-185710 // 
            
            
            
            VULMON: CVE-2020-7585 // 
            
            
            
            JVNDB: JVNDB-2020-006491 // 
            
            
            
            CNNVD: CNNVD-202006-637 // 
            
            
            
            NVD: CVE-2020-7585

REFERENCES
url:https://www.us-cert.gov/ics/advisories/icsa-20-161-05
Trust: 3.2
url:https://us-cert.cisa.gov/ics/advisories/icsa-20-161-05
Trust: 2.3
url:https://cert-portal.siemens.com/productcert/pdf/ssa-689942.pdf
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2020-7585
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7585
Trust: 0.8
url:https://jvn.jp/vu/jvnvu97501786/
Trust: 0.8
url:https://vigilance.fr/vulnerability/simatic-two-vulnerabilities-32490
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.2015/
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/427.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/183162
Trust: 0.1
sources:
            
            
            VULHUB: VHN-185710 // 
            
            
            
            VULMON: CVE-2020-7585 // 
            
            
            
            JVNDB: JVNDB-2020-006491 // 
            
            
            
            CNNVD: CNNVD-202006-637 // 
            
            
            
            NVD: CVE-2020-7585

SOURCES
db:VULHUBid:VHN-185710
db:VULMONid:CVE-2020-7585
db:JVNDBid:JVNDB-2020-006491
db:CNNVDid:CNNVD-202006-637
db:NVDid:CVE-2020-7585

LAST UPDATE DATE
2024-08-14T13:17:05.067000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-185710date:2021-04-22T00:00:00
db:VULMONid:CVE-2020-7585date:2021-04-22T00:00:00
db:JVNDBid:JVNDB-2020-006491date:2020-07-09T00:00:00
db:CNNVDid:CNNVD-202006-637date:2022-03-11T00:00:00
db:NVDid:CVE-2020-7585date:2021-04-22T21:15:09.427

SOURCES RELEASE DATE
db:VULHUBid:VHN-185710date:2020-06-10T00:00:00
db:VULMONid:CVE-2020-7585date:2020-06-10T00:00:00
db:JVNDBid:JVNDB-2020-006491date:2020-07-09T00:00:00
db:CNNVDid:CNNVD-202006-637date:2020-06-09T00:00:00
db:NVDid:CVE-2020-7585date:2020-06-10T17:15:12.457