
{
"id": "CVE-2020-7580",
"sourceIdentifier": "productcert@siemens.com",
"published": "2020-06-10T17:15:12.347",
"lastModified": "2024-11-21T05:37:24.840",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Upd3), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC ProSave (All versions < V17), SIMATIC S7-1500 Software Controller (All versions < V21.8), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2 Update 4), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMATIC STEP 7 V5 (All versions < V5.6 SP2 HF3), SIMATIC WinCC OA V3.16 (All versions < V3.16 P018), SIMATIC WinCC OA V3.17 (All versions < V3.17 P003), SIMATIC WinCC Runtime Advanced (All versions < V16 Update 2), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2 Update 4), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Update 5), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 3), SINAMICS STARTER (All Versions < V5.4 HF2), SINAMICS Startdrive (All Versions < V16 Update 3), SINEC NMS (All versions < V1.0 SP2), SINEMA Server (All versions < V14 SP3), SINUMERIK ONE virtual (All Versions < V6.14), SINUMERIK Operate (All Versions < V6.14). A common component used by the affected applications regularly calls a helper binary with SYSTEM privileges while the call path is not quoted. This could allow a local attacker to execute arbitrary code with SYSTEM privileges."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SIMATIC Automation Tool (Todas las versiones anteriores a la versi\u00f3n V4 SP2), SIMATIC NET PC Software V14 (Todas las versiones anteriores a la versi\u00f3n V14 SP1 Update 14), SIMATIC NET PC Software V15 (Todas las versiones), SIMATIC NET PC Software V16 (Todas las versiones anteriores a la versi\u00f3n V16 Upd3), SIMATIC PCS neo (Todas las versiones anteriores a la versi\u00f3n V3.0 SP1), SIMATIC ProSave (Todas las versiones anteriores a la versi\u00f3n V17), SIMATIC S7-1500 Software Controller (Todas las versiones anteriores a la versi\u00f3n V21.8), SIMATIC STEP 7 (Todas las versiones anteriores a la versi\u00f3n V5.6 SP2 HF3), SIMATIC STEP 7 (TIA Portal) V13 (Todas las versiones anteriores a la versi\u00f3n V13 SP2 Update 4), SIMATIC STEP 7 (TIA Portal) V14 (Todas las versiones anteriores a la versi\u00f3n V14 SP1 Update 10), SIMATIC STEP 7 (TIA Portal) V15 (Todas las versiones anteriores a la versi\u00f3n V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (Todas las versiones anteriores a la versi\u00f3n V16 Update 2), SIMATIC WinCC OA V3.16 (Todas las versiones anteriores a la versi\u00f3n V3.16 P018), SIMATIC WinCC OA V3.17 (Todas las versiones anteriores a la versi\u00f3n V3.17 P003), SIMATIC WinCC Runtime Advanced (Todas las versiones anteriores a la versi\u00f3n V16 Update 2), SIMATIC WinCC Runtime Professional V13 (Todas las versiones anteriores a la versi\u00f3n V13 SP2 Update 4), SIMATIC WinCC Runtime Professional V14 (Todas las versiones anteriores a la versi\u00f3n V14 SP1 Update 10), SIMATIC WinCC Runtime Professional V15 (Todas las versiones anteriores a la versi\u00f3n V15.1 Update 5), SIMATIC WinCC Runtime Professional V16 (Todas las versiones anteriores a la versi\u00f3n V16 Update 2), SIMATIC WinCC V7.4 (Todas las versiones anteriores a la versi\u00f3n V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (Todas las versiones anteriores a la versi\u00f3n V7.5 SP1 Update 3), SINAMICS STARTER (Todas las versiones anteriores a la versi\u00f3n V5.4 HF2), SINAMICS Startdrive (Todas las versiones anteriores a la versi\u00f3n V16 Update 3), SINEC NMS (Todas las versiones anteriores a la versi\u00f3n V1.0 SP2), SINEMA Server (Todas las versiones anteriores a la versi\u00f3n V14 SP3), SINUMERIK ONE virtual (Todas las versiones anteriores a la versi\u00f3n V6.14), SINUMERIK Operate (Todas las versiones anteriores a la versi\u00f3n V6.14). Un componente dentro de la aplicaci\u00f3n afectada llama regularmente a un binario de ayuda con privilegios de SISTEMA mientras la ruta de llamada no est\u00e1 entre comillas. Esto podr\u00eda permitir a un atacante local ejecutar c\u00f3digo arbitrario con privilegios de SISTEMA."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"baseScore": 7.2,
"accessVector": "LOCAL",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE"
},
"baseSeverity": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-428"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-428"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:simatic_automatic_tool:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A659B687-1038-42F5-B8AC-A394E41D22A8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:simatic_net_pc:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16",
"matchCriteriaId": "744B5953-511F-42CA-80A0-DBE36A6AA144"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:simatic_net_pc:16:-:*:*:*:*:*:*",
"matchCriteriaId": "496E3C43-5DA8-4983-8AC6-0F32454E22F3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:simatic_net_pc:16:update1:*:*:*:*:*:*",
"matchCriteriaId": "17BCC3CD-61D0-416D-A241-D35AF8EE5BF8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:simatic_pcs_7:*:*:*:*:*:*:*:*",
"matchCriteriaId": "13E3BDF0-B691-4A97-A74A-A65EC910480E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:simatic_pcs_neo:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D61D4B81-7F51-49BE-83DD-D2C28D23B0EA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:simatic_prosave:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB7752CF-D754-4A78-999B-45FE379E03DE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:simatic_s7-1500_software_controller:*:*:*:*:*:*:*:*",
"versionEndExcluding": "21.8",
"matchCriteriaId": "658E1A3F-29D6-48D2-BCCE-0BCC41AC49F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:simatic_step_7:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.6",
"matchCriteriaId": "CAF09D6E-3375-4731-B16D-30B7592EA5FB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:simatic_step_7:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13",
"versionEndIncluding": "16",
"matchCriteriaId": "1A3CA33C-AFAB-418F-870F-0236B8E55943"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:simatic_step_7:5.6:-:*:*:*:*:*:*",
"matchCriteriaId": "851F8474-4568-487D-98FB-47DF7EAEAC3B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:simatic_step_7:5.6:sp1:*:*:*:*:*:*",
"matchCriteriaId": "81EADA2F-884C-4D72-8489-71025B3EBAEE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:simatic_step_7:5.6:sp2:*:*:*:*:*:*",
"matchCriteriaId": "78366D2F-B728-47F6-B539-5FB2D1B0419D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:simatic_step_7:5.6:sp2_hotfix1:*:*:*:*:*:*",
"matchCriteriaId": "06A86DA0-BC1F-4306-B02E-ED2FA36BE273"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:simatic_wincc:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.4",
"matchCriteriaId": "3F39B396-140B-4005-9A61-F984C9FAF742"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:-:*:*:*:*:*:*",
"matchCriteriaId": "3B0BD5DE-C6EF-4B89-831B-DA34DB0D68F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2637C346-8AAF-481F-AFB0-BAD4254D14F4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update1:*:*:*:*:*:*",
"matchCriteriaId": "BF8404AB-579E-4C6B-BCA7-E95F2CE24F7D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update10:*:*:*:*:*:*",
"matchCriteriaId": "88F6B3BF-727F-432E-89D8-37FB7C76FE2B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update11:*:*:*:*:*:*",
"matchCriteriaId": "62EB588C-CBB4-4B17-9BB5-B14B1FC6BB21"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update12:*:*:*:*:*:*",
"matchCriteriaId": "AF3F613C-6707-4517-B4B8-530C912B79E6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update13:*:*:*:*:*:*",
"matchCriteriaId": "590F62CE-9245-4AC9-9FBC-35136E217B0E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update2:*:*:*:*:*:*",
"matchCriteriaId": "241D5A28-FB22-4C5B-A067-733168E847BF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update3:*:*:*:*:*:*",
"matchCriteriaId": "A5418F92-84A9-439C-B86C-ED5820697603"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update4:*:*:*:*:*:*",
"matchCriteriaId": "40631FBD-116B-4589-B77A-6C5A69990F73"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update5:*:*:*:*:*:*",
"matchCriteriaId": "64B14972-6163-4D44-A9C6-16328E02AC69"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update6:*:*:*:*:*:*",
"matchCriteriaId": "8929E926-740F-4F17-B52C-4C73914B1818"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update7:*:*:*:*:*:*",
"matchCriteriaId": "D4F72666-D10A-4EB2-80D3-18B04C101256"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update8:*:*:*:*:*:*",
"matchCriteriaId": "0E343221-1E1A-4EE7-80AE-AB24E2244BA0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update9:*:*:*:*:*:*",
"matchCriteriaId": "1BF716D7-0A77-400F-9B43-64FBE3E65735"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.5:-:*:*:*:*:*:*",
"matchCriteriaId": "E79DA14E-419C-49BA-8E4F-2907E1D8937F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "81F9C13C-065C-4E40-BB46-687D791348A9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.5:sp1_update1:*:*:*:*:*:*",
"matchCriteriaId": "5CF06E69-0A23-418D-B0EC-574DACBB4DD9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.5:sp1_update2:*:*:*:*:*:*",
"matchCriteriaId": "9164EAC1-C416-4F1F-A910-CE84A167A6D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:simatic_wincc_open_architecture:3.16:*:*:*:*:*:*:*",
"matchCriteriaId": "4B9ED7EF-EF58-400F-92C9-3D52D8E39783"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:simatic_wincc_open_architecture:3.17:*:*:*:*:*:*:*",
"matchCriteriaId": "1C3F9210-7A1E-4B10-B384-119FD5733A86"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:simatic_wincc_runtime_advanced:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79EE15DC-74D3-4551-AAD0-EA0CB600DA76"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:simatic_wincc_runtime_professional:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13",
"versionEndIncluding": "16",
"matchCriteriaId": "3C9253AD-BD82-4BB2-84AD-EB1892B60358"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:sinamics_startdrive:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C11DB09A-74E1-45EF-A162-9C1E91F54C04"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:sinamics_starter_commissioning_tool:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1976CDDA-F2AF-4C47-804E-2C1DF44FBF41"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:sinec_network_management_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52F7076E-12F7-4F62-9804-18598C39D3FF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:sinema_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C55DA617-6333-40DA-AB7D-EE49A453E143"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:sinumerik_one_virtual:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A607E4B7-2F58-4F68-91EB-16874986E92F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:sinumerik_operate:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BAFC5C25-EC3C-4EB6-B5B2-478AE9CEF10F"
}
]
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-312271.pdf",
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-161-04",
"source": "productcert@siemens.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-312271.pdf",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-161-04",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}