CVE-2020-25238

7.8HIGH

Key Information:

Vendor
Siemens
Status
Pcs Neo (administration Console)
Tia Portal
Vendor
CVE Published:
9 February 2021

Summary

A vulnerability has been identified in PCS neo (Administration Console) (All versions < V3.1), TIA Portal (V15, V15.1 and V16). Manipulating certain files in specific folders could allow a local attacker to execute code with SYSTEM privileges. The security vulnerability could be exploited by an attacker with a valid account and limited access rights on the system.

Affected Version(s)

PCS neo (Administration Console) All versions < V3.1

TIA Portal V15, V15.1 and V16

References

https://cert-portal.siemens.com/productcert/pdf/ssa-42805...
x_refsource_MISC
https://www.kb.cert.org/vuls/id/466044
third-party-advisoryx_refsource_CERT-VN
https://us-cert.cisa.gov/ics/advisories/icsa-21-040-05
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.