Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
EUVDB-ID: #VU28934
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-7585
CWE-ID:
CWE-427 - Uncontrolled Search Path Element
Exploit availability: No
DescriptionThe vulnerability allows a local user to compromise vulnerable system.
The vulnerability exists due to the application loads DLL libraries in an insecure manner. A local user can use a specially crafted .dll file, trick the victim into opening a file, associated with the vulnerable application, and execute arbitrary code on victim's system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSIMATIC PCS 7: All versions
SIMATIC PDM: All versions
SIMATIC STEP 7: before 5.6 SP2 HF3
SINAMICS STARTER: before 5.4 HF1
External linkshttp://ics-cert.us-cert.gov/advisories/icsa-20-161-05
http://cert-portal.siemens.com/productcert/pdf/ssa-689942.pdf
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU28935
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-7586
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error. A local user can pass specially crafted data to the applicatoin, trigger heap-based buffer overflow and cause a denial of service condition on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSIMATIC PCS 7: All versions
SIMATIC PDM: All versions
SIMATIC STEP 7: before 5.6 SP2 HF3
SINAMICS STARTER: before 5.4 HF1
External linkshttp://ics-cert.us-cert.gov/advisories/icsa-20-161-05
http://cert-portal.siemens.com/productcert/pdf/ssa-689942.pdf
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU28936
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-7580
CWE-ID:
CWE-428 - Unquoted Search Path or Element
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exist due to a component within the affected application that regularly calls a helper binary with SYSTEM privileges while the call path is not quoted. A local administrator can execute arbitrary code with SYSTEM level privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSIMATIC Automation Tool: All versions
SIMATIC NET PC Software: 16
SIMATIC PCS 7: All versions
SIMATIC PCS neo: All versions
SIMATIC ProSave: All versions
SIMATIC S7-1500 Software Controller: All versions
SIMATIC STEP 7: before 5.6 SP2 HF3
SIMATIC STEP 7 (TIA Portal): 13.0 - 16.0
SIMATIC WinCC OA: before 3.17-P003
SIMATIC WinCC Runtime Professional: 13.0 - 16.0
Siemens SIMATIC WinCC: before 7.5 SP1 Update 3
SINAMICS Startdrive: All versions
SINEC NMS: All versions
SINEMA Server: All versions
SINUMERIK ONE virtual: All versions
SINUMERIK Operate: All versions
External linkshttp://ics-cert.us-cert.gov/advisories/icsa-20-161-04
http://cert-portal.siemens.com/productcert/pdf/ssa-312271.pdf
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.