ID

VAR-202008-1020


CVE

CVE-2020-7583


TITLE

Unauthorized authentication vulnerability in Automation License Manager

Trust: 0.8

sources: JVNDB: JVNDB-2020-009611

DESCRIPTION

A vulnerability has been identified in Automation License Manager 5 (All versions), Automation License Manager 6 (All versions < V6.0.8). The application does not properly validate the users' privileges when executing some operations, which could allow a user with low permissions to arbitrarily modify files that should be protected against writing. Automation License Manager contains a fraudulent authentication vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Siemens Automation License Manager is a set of systems used to process remote and local certificates in HMI, SCADA and industrial products from Siemens in Germany. The vulnerability is caused by the application failing to correctly verify the user's permissions when performing certain operations. This allows low-privileged users to arbitrarily modify files that should be write-protected. Attackers can exploit this vulnerability to modify protected files at will.

Trust: 2.25

sources: NVD: CVE-2020-7583 // JVNDB: JVNDB-2020-009611 // CNVD: CNVD-2020-45700 // VULHUB: VHN-185708

IOT TAXONOMY

category: ['ICS'] // sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-45700

AFFECTED PRODUCTS

vendor: siemens // model: automation license manager // scope: eq // version: 5

Trust: 1.4

vendor: siemens // model: automation license manager // scope: lt // version: 6.0.8

Trust: 1.0

vendor: siemens // model: automation license manager // scope: gte // version: 5.0.0

Trust: 1.0

vendor: siemens // model: automation license manager // scope: eq // version: 6.08

Trust: 0.8

vendor: siemens // model: automation license manager // scope: eq // version: 6<v6.0.8

Trust: 0.6

sources: CNVD: CNVD-2020-45700 // JVNDB: JVNDB-2020-009611 // NVD: CVE-2020-7583

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-7583
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-009611
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-45700
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202008-583
value: HIGH

Trust: 0.6

VULHUB: VHN-185708
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-7583
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-009611
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-45700
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-185708
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-7583
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-009611
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-45700 // VULHUB: VHN-185708 // JVNDB: JVNDB-2020-009611 // CNNVD: CNNVD-202008-583 // NVD: CVE-2020-7583

PROBLEMTYPE DATA

problemtype:CWE-863

Trust: 1.9

problemtype:CWE-285

Trust: 1.0

sources: VULHUB: VHN-185708 // JVNDB: JVNDB-2020-009611 // NVD: CVE-2020-7583

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202008-583

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202008-583

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-009611

PATCH

title: SSA-388646 // url: https://cert-portal.siemens.com/productcert/pdf/ssa-388646.pdf

Trust: 0.8

title: Patch for Siemens Automation License Manager local privilege escalation vulnerability // url: https://www.cnvd.org.cn/patchInfo/show/230227

Trust: 0.6

title: Siemens Automation License Manager Remediation measures for authorization problem vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=126221

Trust: 0.6

sources: CNVD: CNVD-2020-45700 // JVNDB: JVNDB-2020-009611 // CNNVD: CNNVD-202008-583

EXTERNAL IDS

db: NVD // id: CVE-2020-7583

Trust: 3.1

db: SIEMENS // id: SSA-388646

Trust: 2.3

db: ICS CERT // id: ICSA-20-224-07

Trust: 1.4

db: JVN // id: JVNVU96514651

Trust: 0.8

db: JVNDB // id: JVNDB-2020-009611

Trust: 0.8

db: CNVD // id: CNVD-2020-45700

Trust: 0.7

db: CNNVD // id: CNNVD-202008-583

Trust: 0.7

db: AUSCERT // id: ESB-2020.2776

Trust: 0.6

db: VULHUB // id: VHN-185708

Trust: 0.1

sources: CNVD: CNVD-2020-45700 // VULHUB: VHN-185708 // JVNDB: JVNDB-2020-009611 // CNNVD: CNNVD-202008-583 // NVD: CVE-2020-7583

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-388646.pdf

Trust: 2.3

url:https://us-cert.cisa.gov/ics/advisories/icsa-20-224-07

Trust: 1.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-7583

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7583

Trust: 0.8

url:https://jvn.jp/vu/jvnvu96514651/

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.2776/

Trust: 0.6

sources: CNVD: CNVD-2020-45700 // VULHUB: VHN-185708 // JVNDB: JVNDB-2020-009611 // CNNVD: CNNVD-202008-583 // NVD: CVE-2020-7583

SOURCES

db: CNVD // id: CNVD-2020-45700
db: VULHUB // id: VHN-185708
db: JVNDB // id: JVNDB-2020-009611
db: CNNVD // id: CNNVD-202008-583
db: NVD // id: CVE-2020-7583

LAST UPDATE DATE

2024-11-23T20:38:48.038000+00:00


SOURCES UPDATE DATE

db: CNVD // id: CNVD-2020-45700 // date: 2020-08-12T00:00:00
db: VULHUB // id: VHN-185708 // date: 2020-08-21T00:00:00
db: JVNDB // id: JVNDB-2020-009611 // date: 2020-11-20T07:22:40
db: CNNVD // id: CNNVD-202008-583 // date: 2020-08-17T00:00:00
db: NVD // id: CVE-2020-7583 // date: 2024-11-21T05:37:25.093

SOURCES RELEASE DATE

db: CNVD // id: CNVD-2020-45700 // date: 2020-08-12T00:00:00
db: VULHUB // id: VHN-185708 // date: 2020-08-14T00:00:00
db: JVNDB // id: JVNDB-2020-009611 // date: 2020-11-20T07:22:40
db: CNNVD // id: CNNVD-202008-583 // date: 2020-08-11T00:00:00
db: NVD // id: CVE-2020-7583 // date: 2020-08-14T16:15:17.727