mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
327 lines
16 KiB
JSON
327 lines
16 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "productcert@siemens.com",
|
|
"ID": "CVE-2020-7580",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"data_format": "MITRE",
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "Siemens",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "SIMATIC Automation Tool",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "All versions < V4 SP2"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "SIMATIC NET PC Software V14",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "All versions < V14 SP1 Update 14"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "SIMATIC NET PC Software V15",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "All versions"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "SIMATIC NET PC Software V16",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "All versions < V16 Upd3"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "SIMATIC PCS neo",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "All versions < V3.0 SP1"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "SIMATIC ProSave",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "All versions < V17"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "SIMATIC S7-1500 Software Controller",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "All versions < V21.8"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "SIMATIC STEP 7 (TIA Portal) V13",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "All versions < V13 SP2 Update 4"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "SIMATIC STEP 7 (TIA Portal) V14",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "All versions < V14 SP1 Update 10"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "SIMATIC STEP 7 (TIA Portal) V15",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "All versions < V15.1 Update 5"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "SIMATIC STEP 7 (TIA Portal) V16",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "All versions < V16 Update 2"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "SIMATIC STEP 7 V5",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "All versions < V5.6 SP2 HF3"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "SIMATIC WinCC OA V3.16",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "All versions < V3.16 P018"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "SIMATIC WinCC OA V3.17",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "All versions < V3.17 P003"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "SIMATIC WinCC Runtime Advanced",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "All versions < V16 Update 2"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "SIMATIC WinCC Runtime Professional V13",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "All versions < V13 SP2 Update 4"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "SIMATIC WinCC Runtime Professional V14",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "All versions < V14 SP1 Update 10"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "SIMATIC WinCC Runtime Professional V15",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "All versions < V15.1 Update 5"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "SIMATIC WinCC Runtime Professional V16",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "All versions < V16 Update 2"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "SIMATIC WinCC V7.4",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "All versions < V7.4 SP1 Update 14"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "SIMATIC WinCC V7.5",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "All versions < V7.5 SP1 Update 3"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "SINAMICS STARTER",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "All Versions < V5.4 HF2"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "SINAMICS Startdrive",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "All Versions < V16 Update 3"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "SINEC NMS",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "All versions < V1.0 SP2"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "SINEMA Server",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "All versions < V14 SP3"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "SINUMERIK ONE virtual",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "All Versions < V6.14"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "SINUMERIK Operate",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "All Versions < V6.14"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-428: Unquoted Search Path or Element"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Upd3), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC ProSave (All versions < V17), SIMATIC S7-1500 Software Controller (All versions < V21.8), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2 Update 4), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMATIC STEP 7 V5 (All versions < V5.6 SP2 HF3), SIMATIC WinCC OA V3.16 (All versions < V3.16 P018), SIMATIC WinCC OA V3.17 (All versions < V3.17 P003), SIMATIC WinCC Runtime Advanced (All versions < V16 Update 2), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2 Update 4), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Update 5), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 3), SINAMICS STARTER (All Versions < V5.4 HF2), SINAMICS Startdrive (All Versions < V16 Update 3), SINEC NMS (All versions < V1.0 SP2), SINEMA Server (All versions < V14 SP3), SINUMERIK ONE virtual (All Versions < V6.14), SINUMERIK Operate (All Versions < V6.14). A common component used by the affected applications regularly calls a helper binary with SYSTEM privileges while the call path is not quoted. This could allow a local attacker to execute arbitrary code with SYTEM privileges."
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"refsource": "MISC",
|
|
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-312271.pdf",
|
|
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-312271.pdf"
|
|
},
|
|
{
|
|
"refsource": "MISC",
|
|
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-161-04",
|
|
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-161-04"
|
|
}
|
|
]
|
|
}
|
|
} |