Local Code Execution Vulnerability in Siemens Products
CVE-2020-7581

6.7MEDIUM

Key Information:

Vendor: Siemens
Status: Opcenter Execution Discrete; Opcenter Execution Foundation; Opcenter Execution Process; Opcenter Intelligence
Vendor: CVE Published:; 14 July 2020

Summary

A local code execution vulnerability exists in several Siemens products due to a component calling a helper binary with SYSTEM privileges during startup. The call path is not quoted, which may permit an attacker with administrative access to exploit this flaw, potentially allowing for unauthorized execution of code at SYSTEM level. This could lead to significant security risks, including unauthorized access and system manipulation.

Affected Version(s)

Opcenter Execution Discrete All versions < V3.2

Opcenter Execution Foundation All versions < V3.2

Opcenter Execution Process All versions < V3.2

References

https://cert-portal.siemens.com/productcert/pdf/ssa-84134...

x_refsource_MISC

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 14, 2020
Vulnerability Reserved
Jan 21, 2020