Remote Denial-of-Service in Siemens Opcenter and SIMATIC Products
CVE-2020-7587

8.2HIGH

Key Information:

Vendor: Siemens
Status: Opcenter Execution Discrete; Opcenter Execution Foundation; Opcenter Execution Process; Opcenter Intelligence
Vendor: CVE Published:; 14 July 2020

Summary

A weakness has been discovered in various Siemens Opcenter and SIMATIC products that allows an attacker to send specially crafted packets to the affected services. This can induce a partial remote denial-of-service, causing the service to restart unexpectedly. In some instances, this vulnerability could also result in the unintended disclosure of random information from the remote service, thereby presenting potential risks to data integrity and system stability.

Affected Version(s)

Opcenter Execution Discrete All versions < V3.2

Opcenter Execution Foundation All versions < V3.2

Opcenter Execution Process All versions < V3.2

References

https://cert-portal.siemens.com/productcert/pdf/ssa-84134...

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 14, 2020
Vulnerability Reserved
Jan 21, 2020