CVE-2020-7583 — HIGH (7.8) — White Hats Nepal

Q: How severe is CVE-2020-7583?

CVE-2020-7583 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-7583?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Automation License Manager.

Vulnerability Description

A vulnerability has been identified in Automation License Manager 5 (All versions), Automation License Manager 6 (All versions < V6.0.8). The application does not properly validate the users' privileges when executing some operations, which could allow a user with low permissions to arbitrary modify files that should be protected against writing.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Siemens	Automation License Manager	>= 5.0.0, < 6.0.8

Related Weaknesses (CWE)

CWE-285 CWE-863

References

https://cert-portal.siemens.com/productcert/pdf/ssa-388646.pdfPatchVendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-388646.pdfPatchVendor Advisory

FAQ

What is CVE-2020-7583?

CVE-2020-7583 is a vulnerability with a CVSS score of 7.8 (HIGH). A vulnerability has been identified in Automation License Manager 5 (All versions), Automation License Manager 6 (All versions < V6.0.8). The application does not properly validate the users' privileg...

How severe is CVE-2020-7583?

CVE-2020-7583 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-7583?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Automation License Manager.