CVE-2020-7588 - Vulnerability Details

Vendors	Products
Siemens	Opcenter Execution Discrete Opcenter Execution Foundation Opcenter Execution Process Opcenter Intelligence Opcenter Quality Opcenter Rd\&l Simatic It Lms Simatic It Production Suite Simatic Notifier Server Simatic Pcs Neo Simatic Step 7 Simocode Es Soft Starter Es

Link	Providers
https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "Opcenter Execution Discrete", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V3.2"}]}, {"product": "Opcenter Execution Foundation", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V3.2"}]}, {"product": "Opcenter Execution Process", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V3.2"}]}, {"product": "Opcenter Intelligence", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V3.3"}]}, {"product": "Opcenter Quality", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V11.3"}]}, {"product": "Opcenter RD&L", "vendor": "Siemens", "versions": [{"status": "affected", "version": "V8.0"}]}, {"product": "SIMATIC IT LMS", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V2.6"}]}, {"product": "SIMATIC IT Production Suite", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V8.0"}]}, {"product": "SIMATIC Notifier Server for Windows", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions"}]}, {"product": "SIMATIC PCS neo", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V3.0 SP1"}]}, {"product": "SIMATIC STEP 7 (TIA Portal) V15", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V15.1 Update 5"}]}, {"product": "SIMATIC STEP 7 (TIA Portal) V16", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V16 Update 2"}]}, {"product": "SIMOCODE ES V15.1", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V15.1 Update 4"}]}, {"product": "SIMOCODE ES V16", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V16 Update 1"}]}, {"product": "Soft Starter ES V15.1", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V15.1 Update 3"}]}, {"product": "Soft Starter ES V16", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V16 Update 1"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions < V2.6), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). Sending a specially crafted packet to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20: Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-10T11:16:56", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "productcert@siemens.com", "ID": "CVE-2020-7588", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Opcenter Execution Discrete", "version": {"version_data": [{"version_value": "All versions < V3.2"}]}}, {"product_name": "Opcenter Execution Foundation", "version": {"version_data": [{"version_value": "All versions < V3.2"}]}}, {"product_name": "Opcenter Execution Process", "version": {"version_data": [{"version_value": "All versions < V3.2"}]}}, {"product_name": "Opcenter Intelligence", "version": {"version_data": [{"version_value": "All versions < V3.3"}]}}, {"product_name": "Opcenter Quality", "version": {"version_data": [{"version_value": "All versions < V11.3"}]}}, {"product_name": "Opcenter RD&L", "version": {"version_data": [{"version_value": "V8.0"}]}}, {"product_name": "SIMATIC IT LMS", "version": {"version_data": [{"version_value": "All versions < V2.6"}]}}, {"product_name": "SIMATIC IT Production Suite", "version": {"version_data": [{"version_value": "All versions < V8.0"}]}}, {"product_name": "SIMATIC Notifier Server for Windows", "version": {"version_data": [{"version_value": "All versions"}]}}, {"product_name": "SIMATIC PCS neo", "version": {"version_data": [{"version_value": "All versions < V3.0 SP1"}]}}, {"product_name": "SIMATIC STEP 7 (TIA Portal) V15", "version": {"version_data": [{"version_value": "All versions < V15.1 Update 5"}]}}, {"product_name": "SIMATIC STEP 7 (TIA Portal) V16", "version": {"version_data": [{"version_value": "All versions < V16 Update 2"}]}}, {"product_name": "SIMOCODE ES V15.1", "version": {"version_data": [{"version_value": "All versions < V15.1 Update 4"}]}}, {"product_name": "SIMOCODE ES V16", "version": {"version_data": [{"version_value": "All versions < V16 Update 1"}]}}, {"product_name": "Soft Starter ES V15.1", "version": {"version_data": [{"version_value": "All versions < V15.1 Update 3"}]}}, {"product_name": "Soft Starter ES V16", "version": {"version_data": [{"version_value": "All versions < V16 Update 1"}]}}]}, "vendor_name": "Siemens"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions < V2.6), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). Sending a specially crafted packet to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20: Improper Input Validation"}]}]}, "references": {"reference_data": [{"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T09:33:19.850Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2020-7588", "datePublished": "2020-07-14T13:18:05", "dateReserved": "2020-01-21T00:00:00", "dateUpdated": "2024-08-04T09:33:19.850Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : Opcenter Execution Discrete (string)

vendor : Siemens (string)

versions : [ »

0 : { »

status : affected (string)

version : All versions < V3.2 (string)

}

]

}

1 : { »

product : Opcenter Execution Foundation (string)

vendor : Siemens (string)

versions : [ »

0 : { »

status : affected (string)

version : All versions < V3.2 (string)

}

]

}

2 : { »

product : Opcenter Execution Process (string)

vendor : Siemens (string)

versions : [ »

0 : { »

status : affected (string)

version : All versions < V3.2 (string)

}

]

}

3 : { »

product : Opcenter Intelligence (string)

vendor : Siemens (string)

versions : [ »

0 : { »

status : affected (string)

version : All versions < V3.3 (string)

}

]

}

4 : { »

product : Opcenter Quality (string)

vendor : Siemens (string)

versions : [ »

0 : { »

status : affected (string)

version : All versions < V11.3 (string)

}

]

}

5 : { »

product : Opcenter RD&L (string)

vendor : Siemens (string)

versions : [ »

0 : { »

status : affected (string)

version : V8.0 (string)

}

]

}

6 : { »

product : SIMATIC IT LMS (string)

vendor : Siemens (string)

versions : [ »

0 : { »

status : affected (string)

version : All versions < V2.6 (string)

}

]

}

7 : { »

product : SIMATIC IT Production Suite (string)

vendor : Siemens (string)

versions : [ »

0 : { »

status : affected (string)

version : All versions < V8.0 (string)

}

]

}

8 : { »

product : SIMATIC Notifier Server for Windows (string)

vendor : Siemens (string)

versions : [ »

0 : { »

status : affected (string)

version : All versions (string)

}

]

}

9 : { »

product : SIMATIC PCS neo (string)

vendor : Siemens (string)

versions : [ »

0 : { »

status : affected (string)

version : All versions < V3.0 SP1 (string)

}

]

}

10 : { »

product : SIMATIC STEP 7 (TIA Portal) V15 (string)

vendor : Siemens (string)

versions : [ »

0 : { »

status : affected (string)

version : All versions < V15.1 Update 5 (string)

}

]

}

11 : { »

product : SIMATIC STEP 7 (TIA Portal) V16 (string)

vendor : Siemens (string)

versions : [ »

0 : { »

status : affected (string)

version : All versions < V16 Update 2 (string)

}

]

}

12 : { »

product : SIMOCODE ES V15.1 (string)

vendor : Siemens (string)

versions : [ »

0 : { »

status : affected (string)

version : All versions < V15.1 Update 4 (string)

}

]

}

13 : { »

product : SIMOCODE ES V16 (string)

vendor : Siemens (string)

versions : [ »

0 : { »

status : affected (string)

version : All versions < V16 Update 1 (string)

}

]

}

14 : { »

product : Soft Starter ES V15.1 (string)

vendor : Siemens (string)

versions : [ »

0 : { »

status : affected (string)

version : All versions < V15.1 Update 3 (string)

}

]

}

15 : { »

product : Soft Starter ES V16 (string)

vendor : Siemens (string)

versions : [ »

0 : { »

status : affected (string)

version : All versions < V16 Update 1 (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions < V2.6), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). Sending a specially crafted packet to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

cweId : CWE-20 (string)

description : CWE-20: Improper Input Validation (string)

lang : en (string)

type : CWE (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2022-08-10T11:16:56 (string)

orgId : cec7a2ec-15b4-4faf-bd53-b40f371f3a77 (string)

shortName : siemens (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : productcert@siemens.com (string)

ID : CVE-2020-7588 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : Opcenter Execution Discrete (string)

version : { »

version_data : [ »

0 : { »

version_value : All versions < V3.2 (string)

}

]

}

1 : { »

product_name : Opcenter Execution Foundation (string)

version : { »

version_data : [ »

0 : { »

version_value : All versions < V3.2 (string)

}

]

}

2 : { »

product_name : Opcenter Execution Process (string)

version : { »

version_data : [ »

0 : { »

version_value : All versions < V3.2 (string)

}

]

}

3 : { »

product_name : Opcenter Intelligence (string)

version : { »

version_data : [ »

0 : { »

version_value : All versions < V3.3 (string)

}

]

}

4 : { »

product_name : Opcenter Quality (string)

version : { »

version_data : [ »

0 : { »

version_value : All versions < V11.3 (string)

}

]

}

5 : { »

product_name : Opcenter RD&L (string)

version : { »

version_data : [ »

0 : { »

version_value : V8.0 (string)

}

]

}

6 : { »

product_name : SIMATIC IT LMS (string)

version : { »

version_data : [ »

0 : { »

version_value : All versions < V2.6 (string)

}

]

}

7 : { »

product_name : SIMATIC IT Production Suite (string)

version : { »

version_data : [ »

0 : { »

version_value : All versions < V8.0 (string)

}

]

}

8 : { »

product_name : SIMATIC Notifier Server for Windows (string)

version : { »

version_data : [ »

0 : { »

version_value : All versions (string)

}

]

}

9 : { »

product_name : SIMATIC PCS neo (string)

version : { »

version_data : [ »

0 : { »

version_value : All versions < V3.0 SP1 (string)

}

]

}

10 : { »

product_name : SIMATIC STEP 7 (TIA Portal) V15 (string)

version : { »

version_data : [ »

0 : { »

version_value : All versions < V15.1 Update 5 (string)

}

]

}

11 : { »

product_name : SIMATIC STEP 7 (TIA Portal) V16 (string)

version : { »

version_data : [ »

0 : { »

version_value : All versions < V16 Update 2 (string)

}

]

}

12 : { »

product_name : SIMOCODE ES V15.1 (string)

version : { »

version_data : [ »

0 : { »

version_value : All versions < V15.1 Update 4 (string)

}

]

}

13 : { »

product_name : SIMOCODE ES V16 (string)

version : { »

version_data : [ »

0 : { »

version_value : All versions < V16 Update 1 (string)

}

]

}

14 : { »

product_name : Soft Starter ES V15.1 (string)

version : { »

version_data : [ »

0 : { »

version_value : All versions < V15.1 Update 3 (string)

}

]

}

15 : { »

product_name : Soft Starter ES V16 (string)

version : { »

version_data : [ »

0 : { »

version_value : All versions < V16 Update 1 (string)

}

]

}

]

}

vendor_name : Siemens (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions < V2.6), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). Sending a specially crafted packet to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : CWE-20: Improper Input Validation (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf (string)

refsource : MISC (string)

url : https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T09:33:19.850Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : cec7a2ec-15b4-4faf-bd53-b40f371f3a77 (string)

assignerShortName : siemens (string)

cveId : CVE-2020-7588 (string)

datePublished : 2020-07-14T13:18:05 (string)

dateReserved : 2020-01-21T00:00:00 (string)

dateUpdated : 2024-08-04T09:33:19.850Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:opcenter_execution_discrete:*:*:*:*:*:*:*:*", "matchCriteriaId": "F33BF89C-F36E-4C8F-ABB9-579E2022DDA6", "versionEndExcluding": "3.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:opcenter_execution_foundation:*:*:*:*:*:*:*:*", "matchCriteriaId": "1DCE5E06-B75F-4D21-96CC-70DD373B1811", "versionEndExcluding": "3.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:opcenter_execution_process:*:*:*:*:*:*:*:*", "matchCriteriaId": "C4DD5C57-5877-495C-A01E-747E5DCED9F7", "versionEndExcluding": "3.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:opcenter_intelligence:*:*:*:*:*:*:*:*", "matchCriteriaId": "FA9BAFAE-C26A-4435-80C1-508F0A3EF768", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:opcenter_quality:*:*:*:*:*:*:*:*", "matchCriteriaId": "9DB2F53B-817C-41F3-9B52-85DE702ACCE5", "versionEndExcluding": "11.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:opcenter_rd\\&l:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE037602-C9E8-45D5-9A44-3B73052F478E", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_it_lms:*:*:*:*:*:*:*:*", "matchCriteriaId": "524AE90C-821A-4864-B3B2-33C083B536CB", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_it_production_suite:*:*:*:*:*:*:*:*", "matchCriteriaId": "E6324685-60ED-44CC-BAEA-3BEEBE681AC5", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_notifier_server:*:*:*:*:*:windows:*:*", "matchCriteriaId": "DE74021F-CE57-42CC-8093-E1B0352410FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_pcs_neo:*:*:*:*:*:*:*:*", "matchCriteriaId": "D61D4B81-7F51-49BE-83DD-D2C28D23B0EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_step_7:*:*:*:*:*:*:*:*", "matchCriteriaId": "2190AEE1-7EEA-48A9-B6C7-FF4B3A26008E", "versionEndIncluding": "15.1", "versionStartIncluding": "15", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_step_7:16:-:*:*:*:*:*:*", "matchCriteriaId": "66CB66B9-176E-4FA3-BC67-E7C5972A307C", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_step_7:16:update_1:*:*:*:*:*:*", "matchCriteriaId": "4E011D6F-CC5F-4278-80AB-D568730AA041", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simocode_es:*:*:*:*:*:*:*:*", "matchCriteriaId": "CE934FDC-666F-4D9D-9C03-2896875F0A0D", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:soft_starter_es:*:*:*:*:*:*:*:*", "matchCriteriaId": "FA57190F-97BA-4D1D-BC73-F37162B775F9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions < V2.6), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). Sending a specially crafted packet to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en Opcenter Execution Discrete (Todas las versiones anteriores a V3.2), Opcenter Execution Foundation (Todas las versiones anteriores a V3.2), Opcenter Execution Process (Todas las versiones anteriores a V3.2), Opcenter Intelligence (Todas las versiones anteriores a V3.3), Opcenter Quality (Todas las versiones anteriores a V11.3), Opcenter RD&amp;L (V8.0), SIMATIC IT LMS (Todas las versiones anteriores a V2.6), SIMATIC IT Production Suite (Todas las versiones anteriores a V8. 0), SIMATIC Notifier Server for Windows (Todas las versiones), SIMATIC PCS neo (Todas las versiones anteriores a V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (Todas las versiones anteriores a V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (Todas las versiones anteriores a V16 Update 2), SIMOCODE ES V15. 1 (Todas las versiones anteriores a V15.1 Update 4), SIMOCODE ES V16 (Todas las versiones anteriores a V16 Update 1), Soft Starter ES V15.1 (Todas las versiones anteriores a V15.1 Update 3), Soft Starter ES V16 (Todas las versiones anteriores a V16 Update 1). El env\u00edo de un paquete especialmente dise\u00f1ado al servicio afectado podr\u00eda causar una denegaci\u00f3n de servicio remota parcial, que har\u00eda que el servicio se reiniciara"}], "id": "CVE-2020-7588", "lastModified": "2024-11-21T05:37:25.660", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-07-14T14:15:18.993", "references": [{"source": "productcert@siemens.com", "tags": ["Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "productcert@siemens.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:siemens:opcenter_execution_discrete:*:*:*:*:*:*:*:* (string)

matchCriteriaId : F33BF89C-F36E-4C8F-ABB9-579E2022DDA6 (string)

versionEndExcluding : 3.2 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:siemens:opcenter_execution_foundation:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 1DCE5E06-B75F-4D21-96CC-70DD373B1811 (string)

versionEndExcluding : 3.2 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:siemens:opcenter_execution_process:*:*:*:*:*:*:*:* (string)

matchCriteriaId : C4DD5C57-5877-495C-A01E-747E5DCED9F7 (string)

versionEndExcluding : 3.2 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:siemens:opcenter_intelligence:*:*:*:*:*:*:*:* (string)

matchCriteriaId : FA9BAFAE-C26A-4435-80C1-508F0A3EF768 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:siemens:opcenter_quality:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 9DB2F53B-817C-41F3-9B52-85DE702ACCE5 (string)

versionEndExcluding : 11.3 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:siemens:opcenter_rd\&l:8.0:*:*:*:*:*:*:* (string)

matchCriteriaId : EE037602-C9E8-45D5-9A44-3B73052F478E (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:siemens:simatic_it_lms:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 524AE90C-821A-4864-B3B2-33C083B536CB (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:siemens:simatic_it_production_suite:*:*:*:*:*:*:*:* (string)

matchCriteriaId : E6324685-60ED-44CC-BAEA-3BEEBE681AC5 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:siemens:simatic_notifier_server:*:*:*:*:*:windows:*:* (string)

matchCriteriaId : DE74021F-CE57-42CC-8093-E1B0352410FA (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:siemens:simatic_pcs_neo:*:*:*:*:*:*:*:* (string)

matchCriteriaId : D61D4B81-7F51-49BE-83DD-D2C28D23B0EA (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:siemens:simatic_step_7:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 2190AEE1-7EEA-48A9-B6C7-FF4B3A26008E (string)

versionEndIncluding : 15.1 (string)

versionStartIncluding : 15 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:siemens:simatic_step_7:16:-:*:*:*:*:*:* (string)

matchCriteriaId : 66CB66B9-176E-4FA3-BC67-E7C5972A307C (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:siemens:simatic_step_7:16:update_1:*:*:*:*:*:* (string)

matchCriteriaId : 4E011D6F-CC5F-4278-80AB-D568730AA041 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:siemens:simocode_es:*:*:*:*:*:*:*:* (string)

matchCriteriaId : CE934FDC-666F-4D9D-9C03-2896875F0A0D (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:siemens:soft_starter_es:*:*:*:*:*:*:*:* (string)

matchCriteriaId : FA57190F-97BA-4D1D-BC73-F37162B775F9 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions < V2.6), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). Sending a specially crafted packet to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself. (string)

}

1 : { »

lang : es (string)

value : Se ha identificado una vulnerabilidad en Opcenter Execution Discrete (Todas las versiones anteriores a V3.2), Opcenter Execution Foundation (Todas las versiones anteriores a V3.2), Opcenter Execution Process (Todas las versiones anteriores a V3.2), Opcenter Intelligence (Todas las versiones anteriores a V3.3), Opcenter Quality (Todas las versiones anteriores a V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (Todas las versiones anteriores a V2.6), SIMATIC IT Production Suite (Todas las versiones anteriores a V8. 0), SIMATIC Notifier Server for Windows (Todas las versiones), SIMATIC PCS neo (Todas las versiones anteriores a V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (Todas las versiones anteriores a V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (Todas las versiones anteriores a V16 Update 2), SIMOCODE ES V15. 1 (Todas las versiones anteriores a V15.1 Update 4), SIMOCODE ES V16 (Todas las versiones anteriores a V16 Update 1), Soft Starter ES V15.1 (Todas las versiones anteriores a V15.1 Update 3), Soft Starter ES V16 (Todas las versiones anteriores a V16 Update 1). El envío de un paquete especialmente diseñado al servicio afectado podría causar una denegación de servicio remota parcial, que haría que el servicio se reiniciara (string)

}

]

id : CVE-2020-7588 (string)

lastModified : 2024-11-21T05:37:25.660 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 5 (number)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:L/Au:N/C:N/I:N/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : LOW (string)

baseScore : 5.3 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 1.4 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2020-07-14T14:15:18.993 (string)

references : [ »

0 : { »

source : productcert@siemens.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf (string)

}

]

sourceIdentifier : productcert@siemens.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-20 (string)

}

]

source : productcert@siemens.com (string)

type : Secondary (string)

}

1 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-20 (string)

}

]

source : nvd@nist.gov (string)

type : Secondary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object