VDB
ICSA-20-014-05
ICSA-20-014-05
PUBLISHED
CVSS 7.800000190734863 HIGH
Successful exploitation of this vulnerability could allow a local attacker to execute arbitrary code with SYSTEM privileges.
Risk Scores
CVSS v3.1
7.800000190734863
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| TIA Portal v16: All versions prior to v16 update 6 | ||
| TIA Portal v14: All versions | ||
| TIA Portal v15: All versions prior to v15.1 Update 7 | ||
| TIA Portal v17: All versions prior to v17 update 4 |
Timeline
- Jan 16, 2020 CVE Published
- Jun 16, 2022 CVE Updated
References
- http://www.siemens.com/cert/advisories fix
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2020/icsa-20-014-05.json advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-20-014-05 advisory
- https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
- https://support.industry.siemens.com/cs/de/de/view/109763890 fix
- https://support.industry.siemens.com/cs/ww/en/view/109784441 fix
- https://support.industry.siemens.com/cs/ww/en/view/109775861/ fix
- https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf fix
- https://www.siemens.com/industrialsecurity fix