Multiple vulnerabilities in Siemens UMC Stack



Published: 2020-07-15
Risk: Medium
Patch available: YES
Number of vulnerabilities: 3
CVE-ID: CVE-2020-7581, CVE-2020-7587, CVE-2020-7588
CWE-ID: CWE-428, CWE-400, CWE-20
Exploitation vector: Network
Public exploit: N/A
Vulnerable software
Opcenter Execution Discrete
Server applications / SCADA systems

Opcenter Execution Foundation
Server applications / SCADA systems

Opcenter Execution Process
Server applications / SCADA systems

Opcenter Intelligence
Server applications / SCADA systems

Opcenter Quality
Server applications / SCADA systems

Opcenter RD&L
Server applications / SCADA systems

SIMATIC IT LMS
Server applications / SCADA systems

SIMATIC IT Production Suite
Server applications / SCADA systems

SIMATIC Notifier Server for Windows
Server applications / SCADA systems

SIMATIC STEP 7 (TIA Portal)
Server applications / SCADA systems

SIMOCODE ES
Server applications / SCADA systems

SIMATIC PCS neo
Web applications / Other software

Soft Starter ES
Other software / Other software solutions

Vendor: Siemens

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Unquoted Search Path or Element

EUVDB-ID: #VU29944

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-7581

CWE-ID: CWE-428 - Unquoted Search Path or Element

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code on the target system. 

The vulnerability exists because a component within the affected application calls a helper binary with SYSTEM privileges during startup while the call path is not quoted. A local administrator can execute arbitrary code with SYSTEM-level privileges.
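An audit check for the unquoted-path condition described above, as an added example that is not code from Siemens or from this bulletin. It lists the executable names Windows would try before the intended binary when a command line is unquoted and contains spaces; the service names and paths are constructed placeholders, and taking the text up to the first `.exe` as the executable is a heuristic assumed here.

```python
import re

def executable_part(command_line):
    """Return (path, quoted) for the executable portion of a Windows command line."""
    s = command_line.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return (s[1:end] if end != -1 else s[1:]), True
    # Heuristic: the executable ends at the first ".exe" followed by a space or
    # end of string. Without one, treat the whole string as the path (over-reports).
    m = re.search(r'\.exe(?=\s|$)', s, re.IGNORECASE)
    return (s[:m.end()] if m else s), False

def earlier_candidates(command_line):
    """Paths tried before the intended binary when the path is unquoted.

    For an unquoted path, process creation tries each space-delimited prefix
    in turn, appending ".exe" when the prefix has no extension.
    """
    path, quoted = executable_part(command_line)
    if quoted:
        return []
    found = []
    for i, ch in enumerate(path):
        if ch == ' ':
            prefix = path[:i]
            found.append(prefix if prefix.lower().endswith('.exe') else prefix + '.exe')
    return found

def audit(services):
    """Map service name -> earlier candidates, for affected entries only."""
    report = {}
    for name, image_path in services.items():
        candidates = earlier_candidates(image_path)
        if candidates:
            report[name] = candidates
    return report

# Constructed sample data (hypothetical names, not taken from any Siemens product).
SAMPLE_SERVICES = {
    'ExampleHelper': r'C:\Program Files\Example Vendor\Helper Tools\helper.exe -start',
    'ExampleQuoted': r'"C:\Program Files\Example Vendor\Helper Tools\helper.exe" -start',
    'ExampleNoSpace': r'C:\Windows\System32\svchost.exe -k netsvcs',
}

if __name__ == '__main__':
    for svc, paths in audit(SAMPLE_SERVICES).items():
        print(svc, paths)
```

For each reported entry, confirm that none of the listed files exists and that their parent directories are not writable by unprivileged accounts; the configuration fix is to quote the path.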

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Opcenter Execution Discrete: before 3.2

Opcenter Execution Foundation: before 3.2

Opcenter Execution Process: before 3.2

Opcenter Intelligence: All versions

Opcenter Quality: before 11.3

Opcenter RD&L: 8.0

SIMATIC IT LMS: All versions

SIMATIC IT Production Suite: All versions

SIMATIC Notifier Server for Windows: All versions

SIMATIC PCS neo: All versions

SIMATIC STEP 7 (TIA Portal): 15.0 - 16.0

SIMOCODE ES: All versions

Soft Starter ES: All versions

External links

http://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Resource exhaustion

EUVDB-ID: #VU29945

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-7587

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists because the application does not properly control consumption of internal resources. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Opcenter Execution Discrete: before 3.2

Opcenter Execution Foundation: before 3.2

Opcenter Execution Process: before 3.2

Opcenter Intelligence: All versions

Opcenter Quality: before 11.3

Opcenter RD&L: 8.0

SIMATIC IT LMS: All versions

SIMATIC IT Production Suite: All versions

SIMATIC Notifier Server for Windows: All versions

SIMATIC PCS neo: All versions

SIMATIC STEP 7 (TIA Portal): 15.0 - 16.0

SIMOCODE ES: All versions

Soft Starter ES: All versions

External links

http://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Input validation error

EUVDB-ID: #VU29948

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-7588

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Opcenter Execution Discrete: before 3.2

Opcenter Execution Foundation: before 3.2

Opcenter Execution Process: before 3.2

Opcenter Intelligence: All versions

Opcenter Quality: before 11.3

Opcenter RD&L: 8.0

SIMATIC IT LMS: All versions

SIMATIC IT Production Suite: All versions

SIMATIC Notifier Server for Windows: All versions

SIMATIC PCS neo: All versions

SIMATIC STEP 7 (TIA Portal): 15.0 - 16.0

SIMOCODE ES: All versions

Soft Starter ES: All versions

External links

http://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


