CVE-2020-25238

Опубликовано: 09 фев. 2021

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

A vulnerability has been identified in PCS neo (Administration Console) (All versions < V3.1), TIA Portal (V15, V15.1 and V16). Manipulating certain files in specific folders could allow a local attacker to execute code with SYSTEM privileges. The security vulnerability could be exploited by an attacker with a valid account and limited access rights on the system.

Ссылки

https://cert-portal.siemens.com/productcert/pdf/ssa-428051.pdf
Vendor Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-040-05
Third Party Advisory
US Government Resource
VDB Entry
https://www.kb.cert.org/vuls/id/466044
Third Party Advisory
US Government Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-428051.pdf
Vendor Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-040-05
Third Party Advisory
US Government Resource
VDB Entry
https://www.kb.cert.org/vuls/id/466044
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:siemens:simatic_process_control_system_neo:*:*:*:*:*:*:*:*

Версия до 3.1 (исключая)

cpe:2.3:a:siemens:totally_integrated_automation_portal:15:*:*:*:*:*:*:*

cpe:2.3:a:siemens:totally_integrated_automation_portal:15.1:*:*:*:*:*:*:*

cpe:2.3:a:siemens:totally_integrated_automation_portal:16:*:*:*:*:*:*:*

EPSS

Процентиль: 25%

0.00085

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-284

CWE-427

Связанные уязвимости

GHSA-xj9q-pj74-p2j4