CVE-2020-25238 - OpenCVE

A vulnerability has been identified in PCS neo (Administration Console) (All versions < V3.1), TIA Portal (V15, V15.1 and V16). Manipulating certain files in specific folders could allow a local attacker to execute code with SYSTEM privileges. The security vulnerability could be exploited by an attacker with a valid account and limited access rights on the system.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Siemens	Simatic Process Control System Neo Totally Integrated Automation Portal

Configuration 1 [-]

OR	cpe:2.3:a:siemens:simatic_process_control_system_neo::::::::
	cpe:2.3:a:siemens:totally_integrated_automation_portal:15:::::::*
	cpe:2.3:a:siemens:totally_integrated_automation_portal:15.1:::::::*
	cpe:2.3:a:siemens:totally_integrated_automation_portal:16:::::::*

No data.

References

Link	Providers
https://cert-portal.siemens.com/productcert/pdf/ssa-428051.pdf
https://us-cert.cisa.gov/ics/advisories/icsa-21-040-05
https://www.kb.cert.org/vuls/id/466044

History

No history.

MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2021-02-09T15:38:18

Updated: 2024-08-04T15:33:05.412Z

Reserved: 2020-09-10T00:00:00

Link: CVE-2020-25238

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-02-09T17:15:13.610

Modified: 2022-10-21T18:21:51.103

Link: CVE-2020-25238

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "PCS neo (Administration Console)", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V3.1"}]}, {"product": "TIA Portal", "vendor": "Siemens", "versions": [{"status": "affected", "version": "V15, V15.1 and V16"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in PCS neo (Administration Console) (All versions < V3.1), TIA Portal (V15, V15.1 and V16). Manipulating certain files in specific folders could allow a local attacker to execute code with SYSTEM privileges. The security vulnerability could be exploited by an attacker with a valid account and limited access rights on the system."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284: Improper Access Control", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-09-14T10:47:11", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-428051.pdf"}, {"name": "VU#466044", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "https://www.kb.cert.org/vuls/id/466044"}, {"tags": ["x_refsource_MISC"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-05"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "productcert@siemens.com", "ID": "CVE-2020-25238", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "PCS neo (Administration Console)", "version": {"version_data": [{"version_value": "All versions < V3.1"}]}}, {"product_name": "TIA Portal", "version": {"version_data": [{"version_value": "V15, V15.1 and V16"}]}}]}, "vendor_name": "Siemens"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability has been identified in PCS neo (Administration Console) (All versions < V3.1), TIA Portal (V15, V15.1 and V16). Manipulating certain files in specific folders could allow a local attacker to execute code with SYSTEM privileges. The security vulnerability could be exploited by an attacker with a valid account and limited access rights on the system."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-284: Improper Access Control"}]}]}, "references": {"reference_data": [{"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-428051.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-428051.pdf"}, {"name": "VU#466044", "refsource": "CERT-VN", "url": "https://www.kb.cert.org/vuls/id/466044"}, {"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-05", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-05"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T15:33:05.412Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-428051.pdf"}, {"name": "VU#466044", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "https://www.kb.cert.org/vuls/id/466044"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-05"}]}]}, "cveMetadata": {"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2020-25238", "datePublished": "2021-02-09T15:38:18", "dateReserved": "2020-09-10T00:00:00", "dateUpdated": "2024-08-04T15:33:05.412Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:simatic_process_control_system_neo:*:*:*:*:*:*:*:*", "matchCriteriaId": "40B25C24-0170-4C7F-A226-88664D588501", "versionEndExcluding": "3.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:15:*:*:*:*:*:*:*", "matchCriteriaId": "A5BC801E-9D78-4CD4-A457-00ABD5991515", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "11595F0A-45CA-4A06-A4E0-2F805B7514FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:16:*:*:*:*:*:*:*", "matchCriteriaId": "2E1E7FB1-03AF-4AF0-B1A6-3AF65C818596", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in PCS neo (Administration Console) (All versions < V3.1), TIA Portal (V15, V15.1 and V16). Manipulating certain files in specific folders could allow a local attacker to execute code with SYSTEM privileges. The security vulnerability could be exploited by an attacker with a valid account and limited access rights on the system."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en PCS neo (Consola de administraci\u00f3n) (Todas las versiones anteriores a la versi\u00f3n V3.1), TIA Portal (V15, V15.1 y V16). La manipulaci\u00f3n de determinados archivos en carpetas espec\u00edficas podr\u00eda permitir a un atacante local ejecutar c\u00f3digo con privilegios SYSTEM. La vulnerabilidad de seguridad podr\u00eda ser aprovechada por un atacante con una cuenta v\u00e1lida y derechos de acceso limitados en el sistema"}], "id": "CVE-2020-25238", "lastModified": "2022-10-21T18:21:51.103", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-02-09T17:15:13.610", "references": [{"source": "productcert@siemens.com", "tags": ["Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-428051.pdf"}, {"source": "productcert@siemens.com", "tags": ["Third Party Advisory", "US Government Resource", "VDB Entry"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-05"}, {"source": "productcert@siemens.com", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.kb.cert.org/vuls/id/466044"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-284"}], "source": "productcert@siemens.com", "type": "Secondary"}]}