PT-2020-5920 · Siemens · Simatic Pdm+3
Published: 2020-06-10 · Updated: 2021-04-22 · CVE-2020-7586
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
SIMATIC PCS 7 versions V8.2 and earlier
SIMATIC PCS 7 version V9.0 through V9.0 SP2
SIMATIC PDM versions prior to V9.2
SIMATIC STEP 7 versions prior to V5.6 SP2 HF3
SINAMICS STARTER versions prior to V5.4 HF2
Description:
A buffer overflow vulnerability could allow a local attacker to cause a denial-of-service condition. Exploitation requires local access to the affected system and user privileges, but no user interaction. Successful exploitation could compromise the availability of the system and allow access to confidential information. The flaw is a buffer overflow in dynamically allocated (heap) memory, which may also allow an attacker to execute arbitrary code.
Recommendations:
For SIMATIC PCS 7 versions V8.2 and earlier, update to a version later than V8.2.
For SIMATIC PCS 7 version V9.0, apply SP3 or later.
For SIMATIC PDM, update to version V9.2 or later.
For SIMATIC STEP 7, update to version V5.6 SP2 HF3 or later.
For SINAMICS STARTER, update to version V5.4 HF2 or later.
Fix
Heap Based Buffer Overflow
Memory Corruption
Affected Products
Simatic Pcs 7
Simatic Pdm
Simatic Step 7
Sinamics Starter