Vulnerability Details CVE-2020-7580
A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Upd3), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC ProSave (All versions < V17), SIMATIC S7-1500 Software Controller (All versions < V21.8), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2 Update 4), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMATIC STEP 7 V5 (All versions < V5.6 SP2 HF3), SIMATIC WinCC OA V3.16 (All versions < V3.16 P018), SIMATIC WinCC OA V3.17 (All versions < V3.17 P003), SIMATIC WinCC Runtime Advanced (All versions < V16 Update 2), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2 Update 4), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Update 5), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 3), SINAMICS STARTER (All Versions < V5.4 HF2), SINAMICS Startdrive (All Versions < V16 Update 3), SINEC NMS (All versions < V1.0 SP2), SINEMA Server (All versions < V14 SP3), SINUMERIK ONE virtual (All Versions < V6.14), SINUMERIK Operate (All Versions < V6.14). A common component used by the affected applications regularly calls a helper binary with SYSTEM privileges while the call path is not quoted. This could allow a local attacker to execute arbitrary code with SYTEM privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 15.2%
CVSS Severity
CVSS v3 Score 6.7
CVSS v2 Score 7.2
References
Products affected by CVE-2020-7580
-
cpe:2.3:a:siemens:simatic_automatic_tool:-
-
cpe:2.3:a:siemens:simatic_net_pc:-
-
cpe:2.3:a:siemens:simatic_net_pc:14
-
cpe:2.3:a:siemens:simatic_net_pc:15
-
cpe:2.3:a:siemens:simatic_net_pc:16
-
cpe:2.3:a:siemens:simatic_pcs_7:-
-
cpe:2.3:a:siemens:simatic_pcs_7:6.0
-
cpe:2.3:a:siemens:simatic_pcs_7:6.1
-
cpe:2.3:a:siemens:simatic_pcs_7:7.0
-
cpe:2.3:a:siemens:simatic_pcs_7:7.1
-
cpe:2.3:a:siemens:simatic_pcs_7:8.0
-
cpe:2.3:a:siemens:simatic_pcs_7:8.1
-
cpe:2.3:a:siemens:simatic_pcs_7:8.2
-
cpe:2.3:a:siemens:simatic_pcs_7:9.0
-
cpe:2.3:a:siemens:simatic_pcs_7:9.1
-
cpe:2.3:a:siemens:simatic_pcs_neo:-
-
cpe:2.3:a:siemens:simatic_pcs_neo:3.0
-
cpe:2.3:a:siemens:simatic_pcs_neo:3.1
-
cpe:2.3:a:siemens:simatic_pcs_neo:4.0
-
cpe:2.3:a:siemens:simatic_pcs_neo:4.1
-
cpe:2.3:a:siemens:simatic_prosave:13.0
-
cpe:2.3:a:siemens:simatic_s7-1500_software_controller:-
-
cpe:2.3:a:siemens:simatic_s7-1500_software_controller:2.0
-
cpe:2.3:a:siemens:simatic_s7-1500_software_controller:2.1
-
cpe:2.3:a:siemens:simatic_s7-1500_software_controller:2.5
-
cpe:2.3:a:siemens:simatic_s7-1500_software_controller:2.6
-
cpe:2.3:a:siemens:simatic_s7-1500_software_controller:2.7
-
cpe:2.3:a:siemens:simatic_s7-1500_software_controller:20.8
-
cpe:2.3:a:siemens:simatic_step_7:13
-
cpe:2.3:a:siemens:simatic_step_7:13.0
-
cpe:2.3:a:siemens:simatic_step_7:13.001
-
cpe:2.3:a:siemens:simatic_step_7:13.002
-
cpe:2.3:a:siemens:simatic_step_7:13.003
-
cpe:2.3:a:siemens:simatic_step_7:13.004
-
cpe:2.3:a:siemens:simatic_step_7:13.005
-
cpe:2.3:a:siemens:simatic_step_7:13.006
-
cpe:2.3:a:siemens:simatic_step_7:13.007
-
cpe:2.3:a:siemens:simatic_step_7:13.008
-
cpe:2.3:a:siemens:simatic_step_7:13.009
-
cpe:2.3:a:siemens:simatic_step_7:13.010
-
cpe:2.3:a:siemens:simatic_step_7:14
-
cpe:2.3:a:siemens:simatic_step_7:15
-
cpe:2.3:a:siemens:simatic_step_7:15.1
-
cpe:2.3:a:siemens:simatic_step_7:16
-
cpe:2.3:a:siemens:simatic_step_7:5.5
-
cpe:2.3:a:siemens:simatic_step_7:5.6
-
cpe:2.3:a:siemens:simatic_wincc:-
-
cpe:2.3:a:siemens:simatic_wincc:6.2
-
cpe:2.3:a:siemens:simatic_wincc:7.0
-
cpe:2.3:a:siemens:simatic_wincc:7.1
-
cpe:2.3:a:siemens:simatic_wincc:7.2
-
cpe:2.3:a:siemens:simatic_wincc:7.3
-
cpe:2.3:a:siemens:simatic_wincc:7.4
-
cpe:2.3:a:siemens:simatic_wincc:7.5
-
cpe:2.3:a:siemens:simatic_wincc_open_architecture:3.16
-
cpe:2.3:a:siemens:simatic_wincc_open_architecture:3.17
-
cpe:2.3:a:siemens:simatic_wincc_runtime_advanced:-
-
cpe:2.3:a:siemens:simatic_wincc_runtime_advanced:15.1
-
cpe:2.3:a:siemens:simatic_wincc_runtime_advanced:16
-
cpe:2.3:a:siemens:simatic_wincc_runtime_professional:13
-
cpe:2.3:a:siemens:simatic_wincc_runtime_professional:14
-
cpe:2.3:a:siemens:simatic_wincc_runtime_professional:15
-
cpe:2.3:a:siemens:simatic_wincc_runtime_professional:16
-
cpe:2.3:a:siemens:sinamics_startdrive:-
-
cpe:2.3:a:siemens:sinamics_starter_commissioning_tool:-
-
cpe:2.3:a:siemens:sinec_network_management_system:-
-
cpe:2.3:a:siemens:sinec_network_management_system:1.0
-
cpe:2.3:a:siemens:sinec_network_management_system:1.0.3
-
cpe:2.3:a:siemens:sinema_server:12.0
-
cpe:2.3:a:siemens:sinema_server:13.0
-
cpe:2.3:a:siemens:sinema_server:14.0
-
cpe:2.3:a:siemens:sinumerik_one_virtual:-
-
cpe:2.3:a:siemens:sinumerik_operate:4.5
-
cpe:2.3:a:siemens:sinumerik_operate:4.7