CVE-2020-7588 vulnerability in Siemens Products
Published on July 14, 2020

A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions < V2.6), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). Sending a specially crafted packet to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself.

NVD

Weakness Type

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Products Associated with CVE-2020-7588

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-7588 are published in these products:

Siemens Opcenter Execution Discrete

Siemens Opcenter Execution Foundation

Siemens Opcenter Execution Process

Siemens Opcenter Intelligence

Siemens Opcenter Quality

Siemens Opcenter Rdl

Siemens Simatic It Lms

Siemens Simatic It Production Suite

Siemens Simatic Notifier Server

Siemens Simatic Pcs Neo

Siemens Simatic Step 7

Siemens Simocode Es

Siemens Soft Starter Es

Affected Versions

Siemens Opcenter Execution Discrete:

Version All versions < V3.2 is affected.

Siemens Opcenter Execution Foundation:

Version All versions < V3.2 is affected.

Siemens Opcenter Execution Process:

Version All versions < V3.2 is affected.

Siemens Opcenter Intelligence:

Version All versions < V3.3 is affected.

Siemens Opcenter Quality:

Version All versions < V11.3 is affected.

Siemens Opcenter RD&L:

Version V8.0 is affected.

Siemens SIMATIC IT LMS:

Version All versions < V2.6 is affected.

Siemens SIMATIC IT Production Suite:

Version All versions < V8.0 is affected.

Siemens SIMATIC Notifier Server for Windows:

Version All versions is affected.

Siemens SIMATIC PCS neo:

Version All versions < V3.0 SP1 is affected.

Siemens SIMATIC STEP 7 (TIA Portal) V15:

Version All versions < V15.1 Update 5 is affected.

Siemens SIMATIC STEP 7 (TIA Portal) V16:

Version All versions < V16 Update 2 is affected.

Siemens SIMOCODE ES V15.1:

Version All versions < V15.1 Update 4 is affected.

Siemens SIMOCODE ES V16:

Version All versions < V16 Update 1 is affected.

Siemens Soft Starter ES V15.1:

Version All versions < V15.1 Update 3 is affected.

Siemens Soft Starter ES V16:

Version All versions < V16 Update 1 is affected.

Exploit Probability

EPSS

0.40%

Percentile

60.12%