Vulnerabilities: Uncontrolled Search Path Element, Heap-based Buffer Overflow.

This updated advisory is a follow-up to the advisory update titled ICSA-20-161-05 Siemens SIMATIC, SINAMICS (Update B) that was published December 8, 2020, to the ICS webpage on.

Successful exploitation of these vulnerabilities could allow an attacker to affect the availability of the devices under certain conditions.

The following Siemens products are affected:

- SIMATIC PCS 7: All versions including v8.2 and prior
- SIMATIC PCS 7 v9.0: All versions prior to 9.0 SP3
- SIMATIC STEP 7 v5.X: All versions prior to 5.6 SP2 HF3
- SINAMICS STARTER (containing STEP 7 OEM version): All versions prior to 5.4 HF2

4.2 VULNERABILITY OVERVIEW

4.2.1 UNCONTROLLED SEARCH PATH ELEMENT CWE-427

The affected product is vulnerable to DLL hijacking, which may allow an attacker with local access to execute code with elevated privileges.

CVE-2020-7585 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
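For asset owners triaging an inventory against the affected-products list, the following is an added example and not part of the advisory or any Siemens tooling. It assumes installed versions are recorded in the same "major.minor SPn HFn" form the advisory uses, that a hotfix number orders below the next service pack, and that any service pack of PCS 7 v8.2 counts as "v8.2"; the inventory rows are constructed.

```python
import re

_VER = re.compile(r"v?(\d+)\.(\d+)(?:\s+SP(\d+))?(?:\s+HF(\d+))?", re.I)

def parse_version(text):
    """'5.6 SP2 HF3' -> (5, 6, 2, 3); a missing SP or HF counts as 0."""
    m = _VER.fullmatch(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def verdict(product, version):
    """Return 'affected', 'fixed' or 'not-listed' for one installation."""
    v = parse_version(version)
    if product == "SIMATIC PCS 7":
        if v[:2] <= (8, 2):            # "All versions including v8.2 and prior"
            return "affected"
        if v[:2] == (9, 0):            # "v9.0: All versions prior to 9.0 SP3"
            return "affected" if v < (9, 0, 3, 0) else "fixed"
        return "not-listed"            # branch not named in the advisory
    if product == "SIMATIC STEP 7":    # "v5.X: All versions prior to 5.6 SP2 HF3"
        if v[0] != 5:
            return "not-listed"
        return "affected" if v < (5, 6, 2, 3) else "fixed"
    if product == "SINAMICS STARTER":  # "All versions prior to 5.4 HF2"
        return "affected" if v < (5, 4, 0, 2) else "fixed"
    return "not-listed"

# Constructed inventory rows (host, product, version); not real assets.
INVENTORY = [
    ("eng-ws-01", "SIMATIC STEP 7", "5.6 SP2 HF1"),
    ("eng-ws-02", "SIMATIC STEP 7", "5.6 SP2 HF3"),
    ("os-srv-01", "SIMATIC PCS 7", "8.2 SP1"),
    ("os-srv-02", "SIMATIC PCS 7", "9.0 SP3"),
    ("drv-ws-01", "SINAMICS STARTER", "5.4 HF1"),
]

def triage(inventory):
    """Rows that still fall inside an affected range, in inventory order."""
    return [(h, p, ver) for h, p, ver in inventory if verdict(p, ver) == "affected"]

if __name__ == "__main__":
    for host, product, ver in triage(INVENTORY):
        print(f"{host}: {product} {ver} is in the affected range")
```

A 'not-listed' verdict means only that the advisory text does not name that product branch, not that the installation has been assessed.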