Unquoted Search Path or Element in Siemens Other software

#VU29944 Unquoted Search Path or Element in Siemens Other software

Published: 2020-07-15

Vulnerability identifier: #VU29944

Vulnerability risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-7581

CWE-ID: CWE-428

Exploitation vector: Local

Exploit availability: No

Vendor: Siemens

Description

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exist due to a component within the affected application calls a helper binary with SYSTEM privileges during startup while the call path is not quoted. A local administrator can execute arbitrary code with SYSTEM level privileges.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Opcenter Execution Discrete: All versions

Opcenter Execution Foundation: All versions

Opcenter Execution Process: All versions

Opcenter Intelligence: All versions

Opcenter Quality: All versions

Opcenter RD&L: 8.0

SIMATIC IT LMS: All versions

SIMATIC IT Production Suite: All versions

SIMATIC Notifier Server for Windows: All versions

SIMATIC PCS neo: All versions

SIMATIC STEP 7 (TIA Portal): 15.0 - 16.0

SIMOCODE ES: All versions

Soft Starter ES: All versions

External links
http://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Siemens UMC Stack