Unquoted Search Path or Element in Siemens products - CVE-2020-7580

 

Unquoted Search Path or Element in Siemens products - CVE-2020-7580

Published: June 10, 2020


Vulnerability identifier: #VU28936
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-7580
CWE-ID: CWE-428
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Siemens
Affected software:
SIMATIC Automation Tool
SINEMA Server
SIMATIC NET PC Software
SIMATIC PCS 7
SIMATIC S7-1500 Software Controller
SIMATIC STEP 7
SIMATIC STEP 7 (TIA Portal)
SIMATIC WinCC OA
SIMATIC WinCC Runtime Professional
Siemens SIMATIC WinCC
SINUMERIK ONE virtual
SINUMERIK Operate
SIMATIC PCS neo
SIMATIC ProSave
SINAMICS Startdrive
SINEC NMS

Detailed vulnerability description

The vulnerability allows a local user to execute arbitrary code on the target system. 

The vulnerability exist due to a component within the affected application that regularly calls a helper binary with SYSTEM privileges while the call path is not quoted. A local administrator can execute arbitrary code with SYSTEM level privileges.


How to mitigate CVE-2020-7580

Install updates from vendor's website.

Sources