Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-7581

EPSS 0.05% · P15
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2020-7581

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). A component within the affected application calls a helper binary with SYSTEM privileges during startup while the call path is not quoted. This could allow a local attacker with administrative privileges to execute code with SYSTEM level privileges.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
未经引用的搜索路径或元素
Source: NVD (National Vulnerability Database)
Vulnerability Title
Siemens Opcenter 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Siemens Opcenter是德国西门子(Siemens)公司的一款用于工业实现实施到制造商实现全面数字化的一整套软件方案。 Siemens Opcenter 多款产品存在代码问题漏洞,该漏洞源于受影响的应用程序中的组件在启动期间会调用具有SYSTEM特权的辅助二进制文件,而不会引用调用路径。以下产品及版本受到影响:Opcenter Execution Discrete 3.2之前版本, Opcenter Execution Foundation 3.2之前版本, Opcenter Execution
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
SiemensOpcenter Execution Discrete All versions < V3.2 -
SiemensOpcenter Execution Foundation All versions < V3.2 -
SiemensOpcenter Execution Process All versions < V3.2 -
SiemensOpcenter Intelligence All versions < V3.3 -
SiemensOpcenter Quality All versions < V11.3 -
SiemensOpcenter RD&L V8.0 -
SiemensSIMATIC Notifier Server for Windows All versions -
SiemensSIMATIC PCS neo All versions < V3.0 SP1 -
SiemensSIMATIC STEP 7 (TIA Portal) V15 All versions < V15.1 Update 5 -
SiemensSIMATIC STEP 7 (TIA Portal) V16 All versions < V16 Update 2 -
SiemensSIMOCODE ES V15.1 All versions < V15.1 Update 4 -
SiemensSIMOCODE ES V16 All versions < V16 Update 1 -
SiemensSoft Starter ES V15.1 All versions < V15.1 Update 3 -
SiemensSoft Starter ES V16 All versions < V16 Update 1 -

II. Public POCs for CVE-2020-7581

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2020-7581

登录查看更多情报信息。

Same Patch Batch · Siemens · 2020-07-14 · 6 CVEs total

CVE-2020-7576Siemens Camstar Enterprise Platform和Opcenter Execution Core 跨站脚本漏洞
CVE-2020-7577Siemens Camstar Enterprise Platform和Opcenter Execution Core V8 SQL注入漏洞
CVE-2020-7578Siemens Camstar Enterprise Platform和Opcenter Execution Core 访问控制错误漏洞
CVE-2020-7587Siemens Opcenter 资源管理错误漏洞
CVE-2020-7588Siemens Opcenter 输入验证错误漏洞

IV. Related Vulnerabilities

Same product: Opcenter Execution Discrete
Same vendor: Siemens
Same weakness: CWE-428

V. Comments for CVE-2020-7581

No comments yet

Leave a comment