ID

VAR-202006-1828


CVE

CVE-2020-7580


TITLE

plural SIMATIC Vulnerabilities in unquoted search paths or elements in products

Trust: 0.8

sources: JVNDB: JVNDB-2020-006496

DESCRIPTION

A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Upd3), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC ProSave (All versions < V17), SIMATIC S7-1500 Software Controller (All versions < V21.8), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2 Update 4), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMATIC STEP 7 V5 (All versions < V5.6 SP2 HF3), SIMATIC WinCC OA V3.16 (All versions < V3.16 P018), SIMATIC WinCC OA V3.17 (All versions < V3.17 P003), SIMATIC WinCC Runtime Advanced (All versions < V16 Update 2), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2 Update 4), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Update 5), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 3), SINAMICS STARTER (All Versions < V5.4 HF2), SINAMICS Startdrive (All Versions < V16 Update 3), SINEC NMS (All versions < V1.0 SP2), SINEMA Server (All versions < V14 SP3), SINUMERIK ONE virtual (All Versions < V6.14), SINUMERIK Operate (All Versions < V6.14). A common component used by the affected applications regularly calls a helper binary with SYSTEM privileges while the call path is not quoted. This could allow a local attacker to execute arbitrary code with SYTEM privileges. plural SIMATIC The product contains vulnerabilities in unquoted search paths or elements.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Opera Software, Opera, etc. are all products of Opera Software in Norway. Opera is a web browser, Siemens SIMATIC S7-1500, etc. are all products of German Siemens (Siemens). SIMATIC S7-1500 is a programmable logic controller. SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system. Code issue vulnerabilities exist in several products. This vulnerability stems from improper design or implementation problems in the code development process of network systems or products

Trust: 1.8

sources: NVD: CVE-2020-7580 // JVNDB: JVNDB-2020-006496 // VULHUB: VHN-185705 // VULMON: CVE-2020-7580

AFFECTED PRODUCTS

vendor:siemensmodel:simatic pcs neoscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic wincc open architecturescope:eqversion:3.17

Trust: 1.0

vendor:siemensmodel:simatic pcs 7scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic wincc runtime professionalscope:gteversion:13

Trust: 1.0

vendor:siemensmodel:simatic step 7scope:gteversion:13

Trust: 1.0

vendor:siemensmodel:simatic wincc runtime professionalscope:lteversion:16

Trust: 1.0

vendor:siemensmodel:sinec network management systemscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic prosavescope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic step 7scope:lteversion:16

Trust: 1.0

vendor:siemensmodel:sinumerik one virtualscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic wincc open architecturescope:eqversion:3.16

Trust: 1.0

vendor:siemensmodel:sinumerik operatescope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic winccscope:eqversion:7.4

Trust: 1.0

vendor:siemensmodel:simatic net pcscope:eqversion:16

Trust: 1.0

vendor:siemensmodel:sinamics starter commissioning toolscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic wincc runtime advancedscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:sinema serverscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic step 7scope:ltversion:5.6

Trust: 1.0

vendor:siemensmodel:simatic winccscope:eqversion:7.5

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 software controllerscope:ltversion:21.8

Trust: 1.0

vendor:siemensmodel:simatic step 7scope:eqversion:5.6

Trust: 1.0

vendor:siemensmodel:sinamics startdrivescope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic winccscope:ltversion:7.4

Trust: 1.0

vendor:siemensmodel:simatic net pcscope:ltversion:16

Trust: 1.0

vendor:siemensmodel:simatic automatic toolscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic automation toolscope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic net pc softwarescope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic pcs 7scope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic pcs neoscope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic prosavescope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic step 7scope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic winccscope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic wincc oascope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic wincc runtime advancedscope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic wincc runtime professionalscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-006496 // NVD: CVE-2020-7580

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-7580
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-006496
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202006-636
value: MEDIUM

Trust: 0.6

VULHUB: VHN-185705
value: HIGH

Trust: 0.1

VULMON: CVE-2020-7580
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-7580
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-006496
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-185705
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-7580
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-006496
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-185705 // VULMON: CVE-2020-7580 // JVNDB: JVNDB-2020-006496 // CNNVD: CNNVD-202006-636 // NVD: CVE-2020-7580

PROBLEMTYPE DATA

problemtype:CWE-428

Trust: 1.9

sources: VULHUB: VHN-185705 // JVNDB: JVNDB-2020-006496 // NVD: CVE-2020-7580

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202006-636

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202006-636

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-006496

PATCH

title:SSA-312271:Unquoted Search Path Vulnerabilities in Windows-based Industrial Software Applicationsurl:https://cert-portal.siemens.com/productcert/pdf/ssa-312271.pdf

Trust: 0.8

title:Multiple Siemens Product code issue vulnerability fixesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=121186

Trust: 0.6

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=9c51f352314e5a42566d9203d2f1e0a2

Trust: 0.1

sources: VULMON: CVE-2020-7580 // JVNDB: JVNDB-2020-006496 // CNNVD: CNNVD-202006-636

EXTERNAL IDS

db:NVDid:CVE-2020-7580

Trust: 2.6

db:ICS CERTid:ICSA-20-161-04

Trust: 2.6

db:SIEMENSid:SSA-312271

Trust: 1.8

db:JVNid:JVNVU97501786

Trust: 0.8

db:JVNDBid:JVNDB-2020-006496

Trust: 0.8

db:CNNVDid:CNNVD-202006-636

Trust: 0.7

db:AUSCERTid:ESB-2020.2015

Trust: 0.6

db:VULHUBid:VHN-185705

Trust: 0.1

db:VULMONid:CVE-2020-7580

Trust: 0.1

sources: VULHUB: VHN-185705 // VULMON: CVE-2020-7580 // JVNDB: JVNDB-2020-006496 // CNNVD: CNNVD-202006-636 // NVD: CVE-2020-7580

REFERENCES

url:https://us-cert.cisa.gov/ics/advisories/icsa-20-161-04

Trust: 3.2

url:https://cert-portal.siemens.com/productcert/pdf/ssa-312271.pdf

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-7580

Trust: 1.4

url:https://www.us-cert.gov/ics/advisories/icsa-20-161-04

Trust: 1.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7580

Trust: 0.8

url:https://jvn.jp/vu/jvnvu97501786/

Trust: 0.8

url:https://vigilance.fr/vulnerability/simatic-code-execution-via-windows-exe-extension-32489

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2015/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/428.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.cisa.gov/uscert/ics/advisories/icsa-20-161-04

Trust: 0.1

sources: VULHUB: VHN-185705 // VULMON: CVE-2020-7580 // JVNDB: JVNDB-2020-006496 // CNNVD: CNNVD-202006-636 // NVD: CVE-2020-7580

CREDITS

Ander Martinez of Titanium Industrial Security and INCIBE reported this vulnerability to Siemens.

Trust: 0.6

sources: CNNVD: CNNVD-202006-636

SOURCES

db:VULHUBid:VHN-185705
db:VULMONid:CVE-2020-7580
db:JVNDBid:JVNDB-2020-006496
db:CNNVDid:CNNVD-202006-636
db:NVDid:CVE-2020-7580

LAST UPDATE DATE

2024-08-14T12:13:19.797000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-185705date:2022-12-13T00:00:00
db:VULMONid:CVE-2020-7580date:2022-04-12T00:00:00
db:JVNDBid:JVNDB-2020-006496date:2020-07-09T00:00:00
db:CNNVDid:CNNVD-202006-636date:2022-12-14T00:00:00
db:NVDid:CVE-2020-7580date:2023-04-28T17:06:39.047

SOURCES RELEASE DATE

db:VULHUBid:VHN-185705date:2020-06-10T00:00:00
db:VULMONid:CVE-2020-7580date:2020-06-10T00:00:00
db:JVNDBid:JVNDB-2020-006496date:2020-07-09T00:00:00
db:CNNVDid:CNNVD-202006-636date:2020-06-09T00:00:00
db:NVDid:CVE-2020-7580date:2020-06-10T17:15:12.347