CVE-2020-7580 — Unquoted Search Path or Element in Siemens Simatic NET PC

CWE-428 — Unquoted Search Path or Element3 documents3 sources

Severity

6.7MEDIUMNVD

EPSS

0.0%

top 85.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Simatic NET PC Siemens Simatic S7-1500 Software Controller Siemens Simatic Step 7 +29 more

Timeline

PublishedJun 10

Latest updateMay 24

Description

A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Upd3), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC ProSave (All versions < V17), SIMATIC S7-1500 Software Controller (All versions < V21.8), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2 Update 4), SIMATIC STEP 7 (TIA Portal) V14 (All vers…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages33 packages

▶NVDsiemens/simatic_wincc_runtime_professional13 — 16

▶CVEListV5siemens/simatic_wincc_runtime_professional_v13All versions < V13 SP2 Update 4

▶CVEListV5siemens/simatic_wincc_runtime_professional_v14All versions < V14 SP1 Update 10

▶CVEListV5siemens/simatic_wincc_runtime_professional_v15All versions < V15.1 Update 5

▶CVEListV5siemens/simatic_wincc_runtime_professional_v16All versions < V16 Update 2

🔴Vulnerability Details

GHSA

GHSA-gw48-mf2p-74mv: A vulnerability has been identified in SIMATIC Automation Tool (All versions), SIMATIC NET PC software (All versions V16 < V16 Upd3), SIMATIC PCS 7 (A↗2022-05-24

▶

CVEList

CVE-2020-7580: A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14)↗2020-06-10

▶