VDB
CVE-2020-25238
CVE-2020-25238
PUBLISHED
CVSS 7.800000190734863 HIGH
A vulnerability has been identified in PCS neo (Administration Console) (V3.0), TIA Portal (V15, V15.1 and V16). Manipulating certain files in specific folders could allow a local attacker to execute code with SYSTEM privileges. The security vulnerability could be exploited by an attacker with a valid account and limited access rights on the system.
EPSS 0.12% · 29.9th percentile
Risk Scores
CVSS 3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.12%
29.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | TIA Portal | V15, V15.1 and V16 |
| siemens | totally_integrated_automation_portal | 15, 15.1, 16 |
| siemens | simatic_process_control_system_neo | 0 |
| Siemens | PCS neo (Administration Console) | All versions < V3.1 |
Exploit Intelligence
Timeline
- Feb 9, 2021 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-541017.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-944678.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-156833.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-536315.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-362164.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-428051.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-794542.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-686152.pdf advisory
- VU#466044 third-party-advisory
- https://us-cert.cisa.gov/ics/advisories/icsa-21-040-05 url
- https://nvd.nist.gov/vuln/detail/CVE-2020-25238 advisory