CVE-2020-25245

Опубликовано: 09 фев. 2021

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

A vulnerability has been identified in DIGSI 4 (All versions < V4.94 SP1 HF 1). Several folders in the %PATH% are writeable by normal users. As these folders are included in the search for dlls, an attacker could place dlls there with code executed by SYSTEM.

Ссылки

https://cert-portal.siemens.com/productcert/pdf/ssa-536315.pdf
Vendor Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-040-10
Patch
Third Party Advisory
US Government Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-536315.pdf
Vendor Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-040-10
Patch
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:siemens:digsi_4:*:*:*:*:*:*:*:*

Версия до 4.94 (исключая)

cpe:2.3:a:siemens:digsi_4:4.94:-:*:*:*:*:*:*

cpe:2.3:a:siemens:digsi_4:4.94:sp1:*:*:*:*:*:*

EPSS

Процентиль: 11%

0.00039

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-276

Связанные уязвимости

GHSA-3c8w-cf3r-86mw

github

больше 3 лет назад

BDU:2025-12962