CVE-2020-7580 - Unquoted Search Path or Element

Severity

67%

Complexity

8%

Confidentiality

98%

CVSS 3.1 Base Score 6.7. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

CVSS 2.0 Base Score 7.2. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C).

Demo Examples

Unquoted Search Path or Element

CWE-428

The following example demonstrates the weakness.


               
UINT errCode = WinExec( "C:\\Program Files\\Foo\\Bar", SW_SHOW );

Overview

Type

Siemens

First reported 4 years ago

2020-06-10 17:15:00

Last updated 4 years ago

2020-12-14 22:15:00

Affected Software

Siemens SIMATIC Automatic Tool

Siemens SIMATIC NET PC 16

16

Siemens SIMATIC NET PC 16 Update 1

16

Siemens SIMATIC PCS neo

Siemens SIMATIC STEP 7 5.6

5.6

Siemens SIMATIC STEP 7 5.6 Service Pack 1

5.6

Siemens SIMATIC STEP 7 5.6 Service Pack 2

5.6

Siemens SIMATIC STEP 7 5.6 Service Pack 2 Hotfix1

5.6

Siemens SIMATIC WinCC 7.4 Service Pack 1 Update 1

7.4

Siemens SIMATIC WinCC 7.4 Service Pack 1 Update 10

7.4

Siemens SIMATIC WinCC 7.4 Service Pack 1 Update 11

7.4

Siemens SIMATIC WinCC 7.4 Service Pack 1 Update 12

7.4

Siemens SIMATIC WinCC 7.4 Service Pack 1 Update 13

7.4

Siemens SIMATIC WinCC 7.4 Service Pack 1 Update 2

7.4

Siemens SIMATIC WinCC 7.4 Service Pack 1 Update 3

7.4

Siemens SIMATIC WinCC 7.4 Service Pack 1 Update 4

7.4

Siemens SIMATIC WinCC 7.4 Service Pack 1 Update 5

7.4

Siemens SIMATIC WinCC 7.4 Service Pack 1 Update 6

7.4

Siemens SIMATIC WinCC 7.4 Service Pack 1 Update 7

7.4

Siemens SIMATIC WinCC 7.4 Service Pack 1 Update 8

7.4

Siemens SIMATIC WinCC 7.4 Service Pack 1 Update 9

7.4

Siemens SIMATIC WinCC 7.5

7.5

Siemens SIMATIC WinCC 7.5 Service Pack 1

7.5

Siemens SIMATIC WinCC 7.5 Service Pack 1 Update 1

7.5

Siemens SIMATIC WinCC 7.5 Service Pack 1 Update 2

7.5

Siemens SIMATIC WinCC Open Architecture 3.16

3.16

Siemens SIMATIC WinCC Open Architecture 3.17

3.17

Siemens SINAMICS Startdrive

Siemens SINAMICS STARTER Commissioning Tool

Siemens SINEC Network Management System (NMS)

Siemens SINUMERIK ONE Virtual

References

https://cert-portal.siemens.com/productcert/pdf/ssa-312271.pdf

https://www.us-cert.gov/ics/advisories/icsa-20-161-04

https://cert-portal.siemens.com/productcert/pdf/ssa-312271.pdf

Vendor Advisory

https://www.us-cert.gov/ics/advisories/icsa-20-161-04

Third Party Advisory, US Government Resource

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.