Details of VAR-202007-1236

ID

VAR-202007-1236

CVE

CVE-2020-7587

TITLE

Resource exhaustion vulnerabilities in multiple Siemens products

Trust: 0.8

sources: JVNDB: JVNDB-2020-008064

DESCRIPTION

A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions < V2.6), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). Sending multiple specially crafted packets to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself. On some cases the vulnerability could leak random information from the remote service. Several Siemens products contain resource exhaustion vulnerabilities.Information is obtained and denial of service (DoS) It may be put in a state. A resource management error vulnerability exists in . This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products. The following products and versions are affected:

Trust: 1.8

sources: NVD: CVE-2020-7587 // JVNDB: JVNDB-2020-008064 // VULHUB: VHN-185712 // VULMON: CVE-2020-7587

AFFECTED PRODUCTS

vendor:	siemens	model:	simocode es	scope:	eq	version:	15.1	Trust: 1.0
vendor:	siemens	model:	opcenter execution process	scope:	lt	version:	3.2	Trust: 1.0
vendor:	siemens	model:	simatic pcs neo	scope:	lt	version:	3.0	Trust: 1.0
vendor:	siemens	model:	opcenter intelligence	scope:	lt	version:	3.3	Trust: 1.0
vendor:	siemens	model:	simatic step 7	scope:	gte	version:	15	Trust: 1.0
vendor:	siemens	model:	simatic step 7	scope:	lt	version:	15.1	Trust: 1.0
vendor:	siemens	model:	simatic step 7	scope:	eq	version:	16	Trust: 1.0
vendor:	siemens	model:	simatic pcs neo	scope:	eq	version:	3.0	Trust: 1.0
vendor:	siemens	model:	simatic notifier server	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic step 7	scope:	eq	version:	15.1	Trust: 1.0
vendor:	siemens	model:	opcenter execution discrete	scope:	lt	version:	3.2	Trust: 1.0
vendor:	siemens	model:	simatic it production suite	scope:	lt	version:	8.0	Trust: 1.0
vendor:	siemens	model:	opcenter quality	scope:	lt	version:	11.3	Trust: 1.0
vendor:	siemens	model:	opcenter execution foundation	scope:	lt	version:	3.2	Trust: 1.0
vendor:	siemens	model:	soft starter es	scope:	lt	version:	15.1	Trust: 1.0
vendor:	siemens	model:	simocode es	scope:	lt	version:	15.1	Trust: 1.0
vendor:	siemens	model:	simocode es	scope:	eq	version:	16	Trust: 1.0
vendor:	siemens	model:	simatic it lms	scope:	lt	version:	2.6	Trust: 1.0
vendor:	siemens	model:	soft starter es	scope:	eq	version:	15.1	Trust: 1.0
vendor:	siemens	model:	opcenter rd\&l	scope:	eq	version:	8.0	Trust: 1.0
vendor:	シーメンス	model:	opcenter execution discrete	scope:	lt	version:	3.2	Trust: 0.8
vendor:	シーメンス	model:	opcenter execution foundation	scope:	lt	version:	3.2	Trust: 0.8
vendor:	シーメンス	model:	opcenter execution process	scope:	lt	version:	3.2	Trust: 0.8
vendor:	シーメンス	model:	opcenter intelligence	scope:	eq	version:	-	Trust: 0.8
vendor:	シーメンス	model:	opcenter quality	scope:	lt	version:	11.3	Trust: 0.8
vendor:	シーメンス	model:	opcenter rd&26l	scope:	eq	version:	8.0	Trust: 0.8
vendor:	シーメンス	model:	simatic it lms	scope:	eq	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic it production suite	scope:	eq	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic notifier server	scope:	eq	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic pcs neo	scope:	lt	version:	3.0 sp1	Trust: 0.8

sources: JVNDB: JVNDB-2020-008064 // NVD: CVE-2020-7587

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-7587
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-7587
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202007-573
value:	HIGH
Trust: 0.6
VULHUB:	VHN-185712
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2020-7587
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-7587
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-185712
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-7587
baseSeverity:	HIGH
baseScore:	8.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	4.2
version:	3.1
Trust: 1.0
NVD:	CVE-2020-7587
baseSeverity:	HIGH
baseScore:	8.2
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-185712 // VULMON: CVE-2020-7587 // JVNDB: JVNDB-2020-008064 // CNNVD: CNNVD-202007-573 // NVD: CVE-2020-7587

PROBLEMTYPE DATA

problemtype:	CWE-400	Trust: 1.1
problemtype:	Resource exhaustion (CWE-400) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-185712 // JVNDB: JVNDB-2020-008064 // NVD: CVE-2020-7587

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-573

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202007-573

PATCH

title:	SSA-841348	url:	https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf	Trust: 0.8
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=2c5193074a957cb3ecdc0e93e2ad86b5	Trust: 0.1
title:	-	url:	https://github.com/Live-Hack-CVE/CVE-2020-7587	Trust: 0.1

sources: VULMON: CVE-2020-7587 // JVNDB: JVNDB-2020-008064

EXTERNAL IDS

db:	NVD	id:	CVE-2020-7587	Trust: 2.6
db:	SIEMENS	id:	SSA-841348	Trust: 1.8
db:	JVN	id:	JVNVU97872642	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-008064	Trust: 0.8
db:	CNNVD	id:	CNNVD-202007-573	Trust: 0.7
db:	ICS CERT	id:	ICSA-20-196-05	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2393.2	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2393	Trust: 0.6
db:	CNVD	id:	CNVD-2021-54362	Trust: 0.1
db:	VULHUB	id:	VHN-185712	Trust: 0.1
db:	VULMON	id:	CVE-2020-7587	Trust: 0.1

sources: VULHUB: VHN-185712 // VULMON: CVE-2020-7587 // JVNDB: JVNDB-2020-008064 // CNNVD: CNNVD-202007-573 // NVD: CVE-2020-7587

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-7587	Trust: 1.4
url:	https://jvn.jp/vu/jvnvu97872642/	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2020.2393.2/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2393/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/simatic-multiple-vulnerabilities-via-umc-stack-32813	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-20-196-05	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/400.html	Trust: 0.1
url:	https://github.com/live-hack-cve/cve-2020-7587	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://cert-portal.siemens.com/productcert/txt/ssa-841348.txt	Trust: 0.1

sources: VULHUB: VHN-185712 // VULMON: CVE-2020-7587 // JVNDB: JVNDB-2020-008064 // CNNVD: CNNVD-202007-573 // NVD: CVE-2020-7587

CREDITS

Victor Fidalgo of INCIBE and Reid Wightman of Dragos reported these vulnerabilities to Siemens.

Trust: 0.6

sources: CNNVD: CNNVD-202007-573

SOURCES

db:	VULHUB	id:	VHN-185712
db:	VULMON	id:	CVE-2020-7587
db:	JVNDB	id:	JVNDB-2020-008064
db:	CNNVD	id:	CNNVD-202007-573
db:	NVD	id:	CVE-2020-7587

LAST UPDATE DATE

2024-08-14T14:03:37.785000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-185712	date:	2023-01-30T00:00:00
db:	VULMON	id:	CVE-2020-7587	date:	2023-01-30T00:00:00
db:	JVNDB	id:	JVNDB-2020-008064	date:	2020-09-03T00:00:00
db:	CNNVD	id:	CNNVD-202007-573	date:	2022-08-11T00:00:00
db:	NVD	id:	CVE-2020-7587	date:	2023-01-30T19:53:59.707

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-185712	date:	2020-07-14T00:00:00
db:	VULMON	id:	CVE-2020-7587	date:	2020-07-14T00:00:00
db:	JVNDB	id:	JVNDB-2020-008064	date:	2020-09-03T00:00:00
db:	CNNVD	id:	CNNVD-202007-573	date:	2020-07-14T00:00:00
db:	NVD	id:	CVE-2020-7587	date:	2020-07-14T14:15:18.930