{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2020-7580","assignerOrgId":"cec7a2ec-15b4-4faf-bd53-b40f371f3a77","assignerShortName":"siemens","dateUpdated":"2024-08-04T09:33:19.492Z","dateReserved":"2020-01-21T00:00:00.000Z","datePublished":"2020-06-10T00:00:00.000Z"},"containers":{"cna":{"providerMetadata":{"orgId":"cec7a2ec-15b4-4faf-bd53-b40f371f3a77","shortName":"siemens","dateUpdated":"2022-12-13T00:00:00.000Z"},"descriptions":[{"lang":"en","value":"A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Upd3), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC ProSave (All versions < V17), SIMATIC S7-1500 Software Controller (All versions < V21.8), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2 Update 4), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMATIC STEP 7 V5 (All versions < V5.6 SP2 HF3), SIMATIC WinCC OA V3.16 (All versions < V3.16 P018), SIMATIC WinCC OA V3.17 (All versions < V3.17 P003), SIMATIC WinCC Runtime Advanced (All versions < V16 Update 2), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2 Update 4), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Update 5), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 3), SINAMICS STARTER (All Versions < V5.4 HF2), SINAMICS Startdrive (All Versions < V16 Update 3), SINEC NMS (All versions < V1.0 SP2), SINEMA Server (All versions < V14 SP3), SINUMERIK ONE virtual (All Versions < V6.14), SINUMERIK Operate (All Versions < V6.14). A common component used by the affected applications regularly calls a helper binary with SYSTEM privileges while the call path is not quoted. This could allow a local attacker to execute arbitrary code with SYTEM privileges."}],"affected":[{"vendor":"Siemens","product":"SIMATIC Automation Tool","versions":[{"version":"All versions < V4 SP2","status":"affected"}]},{"vendor":"Siemens","product":"SIMATIC NET PC Software V14","versions":[{"version":"All versions < V14 SP1 Update 14","status":"affected"}]},{"vendor":"Siemens","product":"SIMATIC NET PC Software V15","versions":[{"version":"All versions","status":"affected"}]},{"vendor":"Siemens","product":"SIMATIC NET PC Software V16","versions":[{"version":"All versions < V16 Upd3","status":"affected"}]},{"vendor":"Siemens","product":"SIMATIC PCS neo","versions":[{"version":"All versions < V3.0 SP1","status":"affected"}]},{"vendor":"Siemens","product":"SIMATIC ProSave","versions":[{"version":"All versions < V17","status":"affected"}]},{"vendor":"Siemens","product":"SIMATIC S7-1500 Software Controller","versions":[{"version":"All versions < V21.8","status":"affected"}]},{"vendor":"Siemens","product":"SIMATIC STEP 7 (TIA Portal) V13","versions":[{"version":"All versions < V13 SP2 Update 4","status":"affected"}]},{"vendor":"Siemens","product":"SIMATIC STEP 7 (TIA Portal) V14","versions":[{"version":"All versions < V14 SP1 Update 10","status":"affected"}]},{"vendor":"Siemens","product":"SIMATIC STEP 7 (TIA Portal) V15","versions":[{"version":"All versions < V15.1 Update 5","status":"affected"}]},{"vendor":"Siemens","product":"SIMATIC STEP 7 (TIA Portal) V16","versions":[{"version":"All versions < V16 Update 2","status":"affected"}]},{"vendor":"Siemens","product":"SIMATIC STEP 7 V5","versions":[{"version":"All versions < V5.6 SP2 HF3","status":"affected"}]},{"vendor":"Siemens","product":"SIMATIC WinCC OA V3.16","versions":[{"version":"All versions < V3.16 P018","status":"affected"}]},{"vendor":"Siemens","product":"SIMATIC WinCC OA V3.17","versions":[{"version":"All versions < V3.17 P003","status":"affected"}]},{"vendor":"Siemens","product":"SIMATIC WinCC Runtime Advanced","versions":[{"version":"All versions < V16 Update 2","status":"affected"}]},{"vendor":"Siemens","product":"SIMATIC WinCC Runtime Professional V13","versions":[{"version":"All versions < V13 SP2 Update 4","status":"affected"}]},{"vendor":"Siemens","product":"SIMATIC WinCC Runtime Professional V14","versions":[{"version":"All versions < V14 SP1 Update 10","status":"affected"}]},{"vendor":"Siemens","product":"SIMATIC WinCC Runtime Professional V15","versions":[{"version":"All versions < V15.1 Update 5","status":"affected"}]},{"vendor":"Siemens","product":"SIMATIC WinCC Runtime Professional V16","versions":[{"version":"All versions < V16 Update 2","status":"affected"}]},{"vendor":"Siemens","product":"SIMATIC WinCC V7.4","versions":[{"version":"All versions < V7.4 SP1 Update 14","status":"affected"}]},{"vendor":"Siemens","product":"SIMATIC WinCC V7.5","versions":[{"version":"All versions < V7.5 SP1 Update 3","status":"affected"}]},{"vendor":"Siemens","product":"SINAMICS STARTER","versions":[{"version":"All Versions < V5.4 HF2","status":"affected"}]},{"vendor":"Siemens","product":"SINAMICS Startdrive","versions":[{"version":"All Versions < V16 Update 3","status":"affected"}]},{"vendor":"Siemens","product":"SINEC NMS","versions":[{"version":"All versions < V1.0 SP2","status":"affected"}]},{"vendor":"Siemens","product":"SINEMA Server","versions":[{"version":"All versions < V14 SP3","status":"affected"}]},{"vendor":"Siemens","product":"SINUMERIK ONE virtual","versions":[{"version":"All Versions < V6.14","status":"affected"}]},{"vendor":"Siemens","product":"SINUMERIK Operate","versions":[{"version":"All Versions < V6.14","status":"affected"}]}],"references":[{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-312271.pdf"},{"url":"https://us-cert.cisa.gov/ics/advisories/icsa-20-161-04"}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-428: Unquoted Search Path or Element","cweId":"CWE-428"}]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T09:33:19.492Z"},"title":"CVE Program Container","references":[{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-312271.pdf","tags":["x_transferred"]},{"url":"https://us-cert.cisa.gov/ics/advisories/icsa-20-161-04","tags":["x_transferred"]}]}]}}