CVE-2020-7585 Information

Description

A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 HF1). A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise the availability of the system as well as to have access to confidential information.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

https://cert-portal.siemens.com/productcert/pdf/ssa-689942.pdf
https://www.us-cert.gov/ics/advisories/icsa-20-161-05

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

7.8

Base Severity

HIGH
