CVE-2020-7585Uncontrolled Search Path Element in Siemens Simatic Step 7

CWE-427Uncontrolled Search Path Element3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 75.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Siemens Simatic Step 7Siemens Sinamics StarterSiemens Simatic PCS 7 V8.2 AND Earlier+3 more
Timeline
PublishedJun 10
Latest updateMay 24

Description

A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 HF2). A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges. The security vulnerability could be exploited by an attacker with local access to the affected systems. S

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages7 packages

CVEListV5siemens/simatic_step_7_v5.xAll versions < V5.6 SP2 HF3
CVEListV5siemens/simatic_pdmAll versions < V9.2
CVEListV5siemens/simatic_pcs_7_v9.0All versions < V9.0 SP3

🔴Vulnerability Details

2
GHSA
GHSA-g9x4-j57r-q497: A vulnerability has been identified in SIMATIC PCS 7 (All versions), SIMATIC PDM (All versions), SIMATIC STEP 7 V52022-05-24
CVEList
CVE-2020-7585: A vulnerability has been identified in SIMATIC PCS 7 V82020-06-10
CVE-2020-7585 — Uncontrolled Search Path Element | cvebase