Vulnerability Change Records for CVE-2020-7586

Change History

CVE Modified by Siemens AG 6/10/2020 6:15:11 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://www.us-cert.gov/ics/advisories/icsa-20-161-05 [No Types Assigned]

CVE Modified by Siemens AG 12/14/2020 4:15:21 PM

Action Type Old Value New Value
Changed Description
A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 HF1). A buffer overflow vulnerability could allow a local attacker to cause a Denial-of-Service situation. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise the availability of the system as well as to have access to confidential information.
A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 HF2). A buffer overflow vulnerability could allow a local attacker to cause a Denial-of-Service situation.

The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise the availability of the system as well as to have access to confidential information.

Initial Analysis 6/15/2020 4:3:50 PM

Action Type Old Value New Value
Added CPE Configuration

								
							
							
						
OR
     *cpe:2.3:a:siemens:simatic_pcs_7:*:*:*:*:*:*:*:*
     *cpe:2.3:a:siemens:simatic_process_device_manager:*:*:*:*:*:*:*:*
     *cpe:2.3:a:siemens:simatic_step_7:*:*:*:*:*:*:*:* versions up to (excluding) 5.6
     *cpe:2.3:a:siemens:simatic_step_7:5.6:-:*:*:*:*:*:*
     *cpe:2.3:a:siemens:simatic_step_7:5.6:sp1:*:*:*:*:*:*
     *cpe:2.3:a:siemens:simatic_step_7:5.6:sp2:*:*:*:*:*:*
     *cpe:2.3:a:siemens:simatic_step_7:5.6:sp2_hotfix1:*:*:*:*:*:*
     *cpe:2.3:a:siemens:sinamics_starter:*:*:*:*:*:*:*:* versions up to (excluding) 5.4
     *cpe:2.3:a:siemens:sinamics_starter:5.4:-:*:*:*:*:*:*
Added CVSS V2

								
							
							
						
NIST (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Added CVSS V3.1

								
							
							
						
NIST AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Added CWE

								
							
							
						
NIST CWE-787
Changed Reference Type
https://cert-portal.siemens.com/productcert/pdf/ssa-689942.pdf No Types Assigned
https://cert-portal.siemens.com/productcert/pdf/ssa-689942.pdf Vendor Advisory
Changed Reference Type
https://www.us-cert.gov/ics/advisories/icsa-20-161-05 No Types Assigned
https://www.us-cert.gov/ics/advisories/icsa-20-161-05 Third Party Advisory, US Government Resource

CVE Modified by Siemens AG 7/14/2020 10:15:18 AM

Action Type Old Value New Value
Changed Description
A vulnerability has been identified in SIMATIC PCS 7 (All versions), SIMATIC PDM (All versions), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 HF1). A buffer overflow vulnerability could allow a local attacker to cause a Denial-of-Service situation. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise the availability of the system as well as to have access to confidential information.
A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 HF1). A buffer overflow vulnerability could allow a local attacker to cause a Denial-of-Service situation. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise the availability of the system as well as to have access to confidential information.