CVE-2020-7580

Description

A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Upd3), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC ProSave (All versions < V17), SIMATIC S7-1500 Software Controller (All versions < V21.8), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2 Update 4), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMATIC STEP 7 V5 (All versions < V5.6 SP2 HF3), SIMATIC WinCC OA V3.16 (All versions < V3.16 P018), SIMATIC WinCC OA V3.17 (All versions < V3.17 P003), SIMATIC WinCC Runtime Advanced (All versions < V16 Update 2), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2 Update 4), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Update 5), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 3), SINAMICS STARTER (All Versions < V5.4 HF2), SINAMICS Startdrive (All Versions < V16 Update 3), SINEC NMS (All versions < V1.0 SP2), SINEMA Server (All versions < V14 SP3), SINUMERIK ONE virtual (All Versions < V6.14), SINUMERIK Operate (All Versions < V6.14). A common component used by the affected applications regularly calls a helper binary with SYSTEM privileges while the call path is not quoted. This could allow a local attacker to execute arbitrary code with SYTEM privileges.

Category

6.7
CVSS
Severity: Medium
CVSS 3.1 •
CVSS 2.0 •
EPSS 0.05%
Vendor Advisory siemens.com
Affected: Siemens SIMATIC Automation Tool
Affected: Siemens SIMATIC NET PC Software V14
Affected: Siemens SIMATIC NET PC Software V15
Affected: Siemens SIMATIC NET PC Software V16
Affected: Siemens SIMATIC PCS neo
Affected: Siemens SIMATIC ProSave
Affected: Siemens SIMATIC S7-1500 Software Controller
Affected: Siemens SIMATIC STEP 7 (TIA Portal) V13
Affected: Siemens SIMATIC STEP 7 (TIA Portal) V14
Affected: Siemens SIMATIC STEP 7 (TIA Portal) V15
Affected: Siemens SIMATIC STEP 7 (TIA Portal) V16
Affected: Siemens SIMATIC STEP 7 V5
Affected: Siemens SIMATIC WinCC OA V3.16
Affected: Siemens SIMATIC WinCC OA V3.17
Affected: Siemens SIMATIC WinCC Runtime Advanced
Affected: Siemens SIMATIC WinCC Runtime Professional V13
Affected: Siemens SIMATIC WinCC Runtime Professional V14
Affected: Siemens SIMATIC WinCC Runtime Professional V15
Affected: Siemens SIMATIC WinCC Runtime Professional V16
Affected: Siemens SIMATIC WinCC V7.4
Affected: Siemens SIMATIC WinCC V7.5
Affected: Siemens SINAMICS STARTER
Affected: Siemens SINAMICS Startdrive
Affected: Siemens SINEC NMS
Affected: Siemens SINEMA Server
Affected: Siemens SINUMERIK ONE virtual
Affected: Siemens SINUMERIK Operate
Published at:
Updated at:

References

Link Tags
https://cert-portal.siemens.com/productcert/pdf/ssa-312271.pdf vendor advisory
https://us-cert.cisa.gov/ics/advisories/icsa-20-161-04 third party advisory us government resource

Frequently Asked Questions

What is the severity of CVE-2020-7580?
CVE-2020-7580 has been scored as a medium severity vulnerability.
How to fix CVE-2020-7580?
To fix CVE-2020-7580, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2020-7580 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2020-7580 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2020-7580?
CVE-2020-7580 affects Siemens SIMATIC Automation Tool, Siemens SIMATIC NET PC Software V14, Siemens SIMATIC NET PC Software V15, Siemens SIMATIC NET PC Software V16, Siemens SIMATIC PCS neo, Siemens SIMATIC ProSave, Siemens SIMATIC S7-1500 Software Controller, Siemens SIMATIC STEP 7 (TIA Portal) V13, Siemens SIMATIC STEP 7 (TIA Portal) V14, Siemens SIMATIC STEP 7 (TIA Portal) V15, Siemens SIMATIC STEP 7 (TIA Portal) V16, Siemens SIMATIC STEP 7 V5, Siemens SIMATIC WinCC OA V3.16, Siemens SIMATIC WinCC OA V3.17, Siemens SIMATIC WinCC Runtime Advanced, Siemens SIMATIC WinCC Runtime Professional V13, Siemens SIMATIC WinCC Runtime Professional V14, Siemens SIMATIC WinCC Runtime Professional V15, Siemens SIMATIC WinCC Runtime Professional V16, Siemens SIMATIC WinCC V7.4, Siemens SIMATIC WinCC V7.5, Siemens SINAMICS STARTER, Siemens SINAMICS Startdrive, Siemens SINEC NMS, Siemens SINEMA Server, Siemens SINUMERIK ONE virtual, Siemens SINUMERIK Operate.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.