#VU28936 Unquoted Search Path or Element in Siemens products - CVE-2020-7580
Published: June 10, 2020
Vulnerability identifier: #VU28936
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-7580
CWE-ID: CWE-428
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
SIMATIC Automation Tool
SINEMA Server
SIMATIC NET PC Software
SIMATIC PCS 7
SIMATIC S7-1500 Software Controller
SIMATIC STEP 7
SIMATIC STEP 7 (TIA Portal)
SIMATIC WinCC OA
SIMATIC WinCC Runtime Professional
Siemens SIMATIC WinCC
SINUMERIK ONE virtual
SINUMERIK Operate
SIMATIC PCS neo
SIMATIC ProSave
SINAMICS Startdrive
SINEC NMS
SIMATIC Automation Tool
SINEMA Server
SIMATIC NET PC Software
SIMATIC PCS 7
SIMATIC S7-1500 Software Controller
SIMATIC STEP 7
SIMATIC STEP 7 (TIA Portal)
SIMATIC WinCC OA
SIMATIC WinCC Runtime Professional
Siemens SIMATIC WinCC
SINUMERIK ONE virtual
SINUMERIK Operate
SIMATIC PCS neo
SIMATIC ProSave
SINAMICS Startdrive
SINEC NMS
Software vendor:
Siemens
Siemens
Description
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exist due to a component within the affected application that regularly calls a helper binary with SYSTEM privileges while the call path is not quoted. A local administrator can execute arbitrary code with SYSTEM level privileges.
Remediation
Install updates from vendor's website.