CVE-2020-7581

Severity Score

6.7

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). A component within the affected application calls a helper binary with SYSTEM privileges during startup while the call path is not quoted. This could allow a local attacker with administrative privileges to execute code with SYSTEM level privileges.

Se ha identificado una vulnerabilidad en Opcenter Execution Discrete (Todas las versiones anteriores a V3.2), Opcenter Execution Foundation (Todas las versiones anteriores a V3.2), Opcenter Execution Process (Todas las versiones anteriores a V3.2), Opcenter Intelligence (Todas las versiones anteriores a V3.3), Opcenter Quality (Todas las versiones anteriores a V11.3), Opcenter RD&L (V8.0), SIMATIC Notifier Server for Windows (Todas las versiones), SIMATIC PCS neo (Todas las versiones anteriores a V3. 0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (Todas las versiones anteriores a V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (Todas las versiones anteriores a V16 Update 2), SIMOCODE ES V15.1 (Todas las versiones anteriores a V15.1 Update 4), SIMOCODE ES V16 (Todas las versiones anteriores a V16 Update 1), Soft Starter ES V15.1 (Todas las versiones anteriores a V15.1 Update 3), Soft Starter ES V16 (Todas las versiones anteriores a V16 Update 1). Un componente dentro de la aplicación afectada llama a un binario de ayuda con privilegios de SISTEMA durante el inicio mientras la ruta de llamada no está citada. Esto podría permitir a un atacante local con privilegios administrativos ejecutar código con privilegios de nivel SYSTEM

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-01-21 CVE Reserved
2020-07-14 CVE Published
2023-03-08 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-428: Unquoted Search Path or Element

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf	2023-01-30

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Siemens Search vendor "Siemens"		Opcenter Execution Discrete Search vendor "Siemens" for product "Opcenter Execution Discrete"				< 3.2 Search vendor "Siemens" for product "Opcenter Execution Discrete" and version " < 3.2"		-		Affected
Siemens Search vendor "Siemens"		Opcenter Execution Foundation Search vendor "Siemens" for product "Opcenter Execution Foundation"				< 3.2 Search vendor "Siemens" for product "Opcenter Execution Foundation" and version " < 3.2"		-		Affected
Siemens Search vendor "Siemens"		Opcenter Execution Process Search vendor "Siemens" for product "Opcenter Execution Process"				< 3.2 Search vendor "Siemens" for product "Opcenter Execution Process" and version " < 3.2"		-		Affected
Siemens Search vendor "Siemens"		Opcenter Intelligence Search vendor "Siemens" for product "Opcenter Intelligence"				*		-		Affected
Siemens Search vendor "Siemens"		Opcenter Quality Search vendor "Siemens" for product "Opcenter Quality"				< 11.3 Search vendor "Siemens" for product "Opcenter Quality" and version " < 11.3"		-		Affected
Siemens Search vendor "Siemens"		Opcenter Rd\&l Search vendor "Siemens" for product "Opcenter Rd\&l"				8.0 Search vendor "Siemens" for product "Opcenter Rd\&l" and version "8.0"		-		Affected
Siemens Search vendor "Siemens"		Simatic Notifier Server Search vendor "Siemens" for product "Simatic Notifier Server"				*		windows		Affected
Siemens Search vendor "Siemens"		Simatic Pcs Neo Search vendor "Siemens" for product "Simatic Pcs Neo"				*		-		Affected
Siemens Search vendor "Siemens"		Simatic Step 7 Search vendor "Siemens" for product "Simatic Step 7"				< 16 Search vendor "Siemens" for product "Simatic Step 7" and version " < 16"		-		Affected
Siemens Search vendor "Siemens"		Simatic Step 7 Search vendor "Siemens" for product "Simatic Step 7"				16 Search vendor "Siemens" for product "Simatic Step 7" and version "16"		-		Affected
Siemens Search vendor "Siemens"		Simatic Step 7 Search vendor "Siemens" for product "Simatic Step 7"				16 Search vendor "Siemens" for product "Simatic Step 7" and version "16"		update1		Affected
Siemens Search vendor "Siemens"		Simocode Es Search vendor "Siemens" for product "Simocode Es"				*		-		Affected
Siemens Search vendor "Siemens"		Soft Starter Es Search vendor "Siemens" for product "Soft Starter Es"				*		-		Affected