PT-2020-6694 · Siemens · SIMOCODE ES +10

Published 2020-07-14 · Updated 2023-01-30 · CVE-2020-7581

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Opcenter Execution Discrete versions prior to V3.2
Opcenter Execution Foundation versions prior to V3.2
Opcenter Execution Process versions prior to V3.2
Opcenter Intelligence versions prior to V3.3
Opcenter Quality versions prior to V11.3
Opcenter RD&L version V8.0
SIMATIC Notifier Server for Windows (affected versions not specified)
SIMATIC PCS neo versions prior to V3.0 SP1
SIMATIC STEP 7 (TIA Portal) V15 versions prior to V15.1 Update 5
SIMATIC STEP 7 (TIA Portal) V16 versions prior to V16 Update 2
SIMOCODE ES V15.1 versions prior to V15.1 Update 4
SIMOCODE ES V16 versions prior to V16 Update 1
Soft Starter ES V15.1 versions prior to V15.1 Update 3
Soft Starter ES V16 versions prior to V16 Update 1

Description

A component within the affected application calls a helper binary with SYSTEM privileges during startup, and the path used in that call is not quoted. This could allow a local attacker with administrative privileges to execute code with SYSTEM-level privileges. The weakness is an unquoted search path or element.

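A defender can check registered startup and service command lines for the same unquoted-path pattern described above. The following Python sketch is an added example, not code from Siemens or from this advisory; the sample command lines are constructed and the function names are hypothetical.

```python
import re

# Heuristic (assumption of this example): the executable ends at the first
# .exe/.com/.bat/.cmd that is followed by whitespace or end of string.
_EXE_END = re.compile(r"\.(exe|com|bat|cmd)(?=\s|$)", re.IGNORECASE)


def split_command(cmdline):
    """Split a Windows command line into (executable, arguments, was_quoted)."""
    s = cmdline.strip()
    if not s:
        return "", "", False
    if s.startswith('"'):
        end = s.find('"', 1)
        if end == -1:
            # Unbalanced quote: the path is not actually protected.
            return s[1:], "", False
        return s[1:end], s[end + 1:].strip(), True
    m = _EXE_END.search(s)
    if m:
        return s[:m.end()], s[m.end():].strip(), False
    # No recognizable extension: fall back to the first token.
    parts = s.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else ""), False


def audit(cmdline):
    """Flag an unquoted executable path containing a space and give the quoted form."""
    exe, args, quoted = split_command(cmdline)
    risky = (not quoted) and (" " in exe)
    fixed = ('"%s"' % exe) + (" " + args if args else "")
    return {"exe": exe, "risky": risky, "fixed": fixed if risky else cmdline}


# Constructed sample command lines (not taken from any affected product).
SAMPLES = [
    r'C:\Program Files\Vendor App\helper.exe -start',
    r'"C:\Program Files\Vendor App\helper.exe" -start',
    r'C:\Windows\System32\svchost.exe -k netsvcs',
    r'C:\Tools\agent.exe --config "C:\Program Files\x\y.ini"',
]

if __name__ == "__main__":
    for line in SAMPLES:
        result = audit(line)
        print("RISKY" if result["risky"] else "ok   ", result["fixed"])
```

Only the first sample is flagged: the second is already quoted, the third has no space in the executable path, and in the fourth the space appears only inside an argument.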
Recommendations

For Opcenter Execution Discrete versions prior to V3.2, update to version V3.2 or later.
For Opcenter Execution Foundation versions prior to V3.2, update to version V3.2 or later.
For Opcenter Execution Process versions prior to V3.2, update to version V3.2 or later.
For Opcenter Intelligence versions prior to V3.3, update to version V3.3 or later.
For Opcenter Quality versions prior to V11.3, update to version V11.3 or later.
For Opcenter RD&L version V8.0, apply the recommended patch or update.
For SIMATIC Notifier Server for Windows, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For SIMATIC PCS neo versions prior to V3.0 SP1, update to version V3.0 SP1 or later.
For SIMATIC STEP 7 (TIA Portal) V15 versions prior to V15.1 Update 5, update to version V15.1 Update 5 or later.
For SIMATIC STEP 7 (TIA Portal) V16 versions prior to V16 Update 2, update to version V16 Update 2 or later.
For SIMOCODE ES V15.1 versions prior to V15.1 Update 4, update to version V15.1 Update 4 or later.
For SIMOCODE ES V16 versions prior to V16 Update 1, update to version V16 Update 1 or later.
For Soft Starter ES V15.1 versions prior to V15.1 Update 3, update to version V15.1 Update 3 or later.
For Soft Starter ES V16 versions prior to V16 Update 1, update to version V16 Update 1 or later.
Weakness Enumeration

Related Identifiers

BDU:2022-04930
CVE-2020-7581

Affected Products

Opcenter Execution Discrete
Opcenter Execution Foundation
Opcenter Execution Process
Opcenter Intelligence
Opcenter Quality
Opcenter RD&L
SIMATIC Notifier Server for Windows
SIMATIC PCS neo
SIMATIC STEP 7
SIMOCODE ES
Soft Starter ES