Vulnerability Description
A vulnerability has been identified in PCS neo (Administration Console) (All versions < V3.1), TIA Portal (V15, V15.1 and V16). Manipulating certain files in specific folders could allow a local attacker to execute code with SYSTEM privileges. The security vulnerability could be exploited by an attacker with a valid account and limited access rights on the system.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Simatic Process Control System Neo | < 3.1 |
| Siemens | Totally Integrated Automation Portal | 15 |
Related Weaknesses (CWE)
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-428051.pdfVendor Advisory
- https://us-cert.cisa.gov/ics/advisories/icsa-21-040-05Third Party AdvisoryUS Government ResourceVDB Entry
- https://www.kb.cert.org/vuls/id/466044Third Party AdvisoryUS Government Resource
- https://cert-portal.siemens.com/productcert/pdf/ssa-428051.pdfVendor Advisory
- https://us-cert.cisa.gov/ics/advisories/icsa-21-040-05Third Party AdvisoryUS Government ResourceVDB Entry
- https://www.kb.cert.org/vuls/id/466044Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2020-25238?
CVE-2020-25238 is a vulnerability with a CVSS score of 7.8 (HIGH). A vulnerability has been identified in PCS neo (Administration Console) (All versions < V3.1), TIA Portal (V15, V15.1 and V16). Manipulating certain files in specific folders could allow a local attac...
How severe is CVE-2020-25238?
CVE-2020-25238 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-25238?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens Simatic Process Control System Neo, Siemens Totally Integrated Automation Portal.