// For flags

CVE-2020-28392

 

Severity Score

7.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A vulnerability has been identified in SIMARIS configuration (All versions < V4.0.1). During installation to default target folder, incorrect permissions are configured for the application folder and subfolders which could allow an attacker to gain persistence or potentially escalate privileges should a user with elevated credentials log onto the machine.

Se ha identificado una vulnerabilidad en la configuración de SIMARIS (todas las versiones anteriores a V4.0.1). Durante la instalación en la carpeta de destino predeterminada, son configurados permisos incorrectos para la carpeta de la aplicación y las subcarpetas, lo que podría permitir a un atacante obtener persistencia o potencialmente escalar los privilegios si un usuario con credenciales elevadas inicia sesión en la máquina

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-11-10 CVE Reserved
  • 2021-02-09 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-276: Incorrect Default Permissions
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
https://cert-portal.siemens.com/productcert/pdf/ssa-794542.pdf 2022-04-29
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Siemens
Search vendor "Siemens"
 Simaris Configuration
Search vendor "Siemens" for product "Simaris Configuration"
 < 4.0.1
Search vendor "Siemens" for product "Simaris Configuration" and version " < 4.0.1"
-
Affected