var-202008-1020
Vulnerability from variot
A vulnerability has been identified in Automation License Manager 5 (All versions), Automation License Manager 6 (All versions < V6.0.8). The application does not properly validate the users' privileges when executing some operations, which could allow a user with low permissions to arbitrary modify files that should be protected against writing. Automation License Manager Exists in a fraudulent authentication vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Siemens Automation License Manager is a set of systems used to process remote and local certificates in HMI, SCADA and industrial products from Siemens in Germany. The vulnerability is caused by the application failing to correctly verify the user's permissions when performing certain operations. Allow low-privileged users to arbitrarily modify the written file. Attackers can exploit this vulnerability to modify protected files at will
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202008-1020",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "automation license manager",
"scope": "eq",
"trust": 1.4,
"vendor": "siemens",
"version": "5"
},
{
"model": "automation license manager",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.0.8"
},
{
"model": "automation license manager",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "5.0.0"
},
{
"model": "automation license manager",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "6.08"
},
{
"model": "automation license manager",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "6\u003cv6.0.8"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-45700"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009611"
},
{
"db": "NVD",
"id": "CVE-2020-7583"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:siemens:automation_license_manager",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009611"
}
]
},
"cve": "CVE-2020-7583",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2020-7583",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-009611",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2020-45700",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-185708",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-7583",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-009611",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-7583",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-009611",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-45700",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202008-583",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-185708",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-45700"
},
{
"db": "VULHUB",
"id": "VHN-185708"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009611"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-583"
},
{
"db": "NVD",
"id": "CVE-2020-7583"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in Automation License Manager 5 (All versions), Automation License Manager 6 (All versions \u003c V6.0.8). The application does not properly validate the users\u0027 privileges when executing some operations, which could allow a user with low permissions to arbitrary modify files that should be protected against writing. Automation License Manager Exists in a fraudulent authentication vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Siemens Automation License Manager is a set of systems used to process remote and local certificates in HMI, SCADA and industrial products from Siemens in Germany. The vulnerability is caused by the application failing to correctly verify the user\u0027s permissions when performing certain operations. Allow low-privileged users to arbitrarily modify the written file. Attackers can exploit this vulnerability to modify protected files at will",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-7583"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009611"
},
{
"db": "CNVD",
"id": "CNVD-2020-45700"
},
{
"db": "VULHUB",
"id": "VHN-185708"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-7583",
"trust": 3.1
},
{
"db": "SIEMENS",
"id": "SSA-388646",
"trust": 2.3
},
{
"db": "ICS CERT",
"id": "ICSA-20-224-07",
"trust": 1.4
},
{
"db": "JVN",
"id": "JVNVU96514651",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009611",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-45700",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-202008-583",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.2776",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-185708",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-45700"
},
{
"db": "VULHUB",
"id": "VHN-185708"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009611"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-583"
},
{
"db": "NVD",
"id": "CVE-2020-7583"
}
]
},
"id": "VAR-202008-1020",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-45700"
},
{
"db": "VULHUB",
"id": "VHN-185708"
}
],
"trust": 1.32931037
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-45700"
}
]
},
"last_update_date": "2024-11-23T20:38:48.038000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-388646",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-388646.pdf"
},
{
"title": "Patch for Siemens Automation License Manager local privilege escalation vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/230227"
},
{
"title": "Siemens Automation License Manager Remediation measures for authorization problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=126221"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-45700"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009611"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-583"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-863",
"trust": 1.9
},
{
"problemtype": "CWE-285",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-185708"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009611"
},
{
"db": "NVD",
"id": "CVE-2020-7583"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-388646.pdf"
},
{
"trust": 1.4,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-07"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7583"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7583"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu96514651/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2776/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-45700"
},
{
"db": "VULHUB",
"id": "VHN-185708"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009611"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-583"
},
{
"db": "NVD",
"id": "CVE-2020-7583"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-45700"
},
{
"db": "VULHUB",
"id": "VHN-185708"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009611"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-583"
},
{
"db": "NVD",
"id": "CVE-2020-7583"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-45700"
},
{
"date": "2020-08-14T00:00:00",
"db": "VULHUB",
"id": "VHN-185708"
},
{
"date": "2020-11-20T07:22:40",
"db": "JVNDB",
"id": "JVNDB-2020-009611"
},
{
"date": "2020-08-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202008-583"
},
{
"date": "2020-08-14T16:15:17.727000",
"db": "NVD",
"id": "CVE-2020-7583"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-45700"
},
{
"date": "2020-08-21T00:00:00",
"db": "VULHUB",
"id": "VHN-185708"
},
{
"date": "2020-11-20T07:22:40",
"db": "JVNDB",
"id": "JVNDB-2020-009611"
},
{
"date": "2020-08-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202008-583"
},
{
"date": "2024-11-21T05:37:25.093000",
"db": "NVD",
"id": "CVE-2020-7583"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202008-583"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Automation License Manager Unauthorized authentication vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009611"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202008-583"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…