cvelistv5 - cve-2020-28392

CVE-2020-28392 (GCVE-0-2020-28392)

Vulnerability from cvelistv5

Published

2021-02-09 15:38

Modified

2024-08-04 16:33

Severity ?

CWE

CWE-276 - Incorrect Default Permissions

Summary

A vulnerability has been identified in SIMARIS configuration (All versions < V4.0.1). During installation to default target folder, incorrect permissions are configured for the application folder and subfolders which could allow an attacker to gain persistence or potentially escalate privileges should a user with elevated credentials log onto the machine.

References

URL

Tags

https://cert-portal.siemens.com/productcert/pdf/ssa-794542.pdf

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Siemens	SIMARIS configuration	Version: All versions < V4.0.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:33:59.083Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-794542.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SIMARIS configuration",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.0.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SIMARIS configuration (All versions \u003c V4.0.1). During installation to default target folder, incorrect permissions are configured for the application folder and subfolders which could allow an attacker to gain persistence or potentially escalate privileges should a user with elevated credentials log onto the machine."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276: Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-05-12T13:18:22.000Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-794542.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2020-28392",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SIMARIS configuration",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.0.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability has been identified in SIMARIS configuration (All versions \u003c V4.0.1). During installation to default target folder, incorrect permissions are configured for the application folder and subfolders which could allow an attacker to gain persistence or potentially escalate privileges should a user with elevated credentials log onto the machine."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-276: Incorrect Default Permissions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-794542.pdf",
              "refsource": "MISC",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-794542.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2020-28392",
    "datePublished": "2021-02-09T15:38:20.000Z",
    "dateReserved": "2020-11-10T00:00:00.000Z",
    "dateUpdated": "2024-08-04T16:33:59.083Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2021-AVI-094

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	TIA Portal versions 15, 15.1 et 16
Siemens	N/A	SENTRON PAC3200T versions antérieures à 3.0.5
Siemens	N/A	Teamcenter Visualization versions antérieures à 13.1.0.1
Siemens	N/A	SINEMA Server versions antérieures à 14.0 SP2 Update 2
Siemens	N/A	Ruggedcom ROX MX5000, RX1400, RX1500, RX1501, RX1510, RX1511, RX1512 et RX5000 versions antérieures à 2.14.0
Siemens	N/A	PCS neo v3.0
Siemens	N/A	Nucleus NET versions antérieures à 5.2
Siemens	N/A	SINEC NMS versions antérieures à 1.0 SP1 Update 1
Siemens	N/A	SENTRON 3VA COM100/800 versions antérieures à 4.2
Siemens	N/A	SIMATIC PCS 7
Siemens	N/A	SENTRON PAC3200 versions antérieures à 2.4.5
Siemens	N/A	DIGSI 4 versions antérieures à 4.94 SP1 HF 1
Siemens	N/A	SENTRON 3VA DSP800 versions antérieures à 2.0
Siemens	N/A	SENTRON PAC2200 versions antérieures à 3.0.5
Siemens	N/A	SIMARIS configuration
Siemens	N/A	SIRIUS 3RW5 module de communication Modbus TCP
Siemens	N/A	Nucleus ReadyStart pour ARM, MIPS et PPC versions antérieures à 2012.12
Siemens	N/A	SCALANCE W780 and W740 versions antérieures à 6.3
Siemens	N/A	SIMATIC WinCC versions antérieures à 7.5 SP2
Siemens	N/A	SENTRON PAC4200 versions antérieures à 2.0.1
Siemens	N/A	JT2Go versions antérieures à 13.1.0.1

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens SSA-663999 du 9 février 2021	None	vendor-advisory
Bulletin de sécurité Siemens SSA-541017 du 9 février 2021	None	vendor-advisory
Bulletin de sécurité Siemens SSA-944678 du 9 février 2021	None	vendor-advisory
Bulletin de sécurité Siemens SSA-156833 du 9 février 2021	None	vendor-advisory
Bulletin de sécurité Siemens SSA-536315 du 9 février 2021	None	vendor-advisory
Bulletin de sécurité Siemens SSA-362164 du 9 février 2021	None	vendor-advisory
Bulletin de sécurité Siemens SSA-379803 du 9 février 2021	None	vendor-advisory
Bulletin de sécurité Siemens SSA-428051 du 9 février 2021	None	vendor-advisory
Bulletin de sécurité Siemens SSA-794542 du 9 février 2021	None	vendor-advisory
Bulletin de sécurité Siemens SSA-686152 du 9 février 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "TIA Portal versions 15, 15.1 et 16",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SENTRON PAC3200T versions ant\u00e9rieures \u00e0 3.0.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Visualization versions ant\u00e9rieures \u00e0 13.1.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINEMA Server versions ant\u00e9rieures \u00e0 14.0 SP2 Update 2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Ruggedcom ROX MX5000, RX1400, RX1500, RX1501, RX1510, RX1511, RX1512 et RX5000 versions ant\u00e9rieures \u00e0 2.14.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "PCS neo v3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Nucleus NET versions ant\u00e9rieures \u00e0 5.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINEC NMS versions ant\u00e9rieures \u00e0 1.0 SP1 Update 1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SENTRON 3VA COM100/800 versions ant\u00e9rieures \u00e0 4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PCS 7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SENTRON PAC3200 versions ant\u00e9rieures \u00e0 2.4.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "DIGSI 4 versions ant\u00e9rieures \u00e0 4.94 SP1 HF 1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SENTRON 3VA DSP800 versions ant\u00e9rieures \u00e0 2.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SENTRON PAC2200 versions ant\u00e9rieures \u00e0 3.0.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMARIS configuration",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIRIUS 3RW5 module de communication Modbus TCP",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Nucleus ReadyStart pour ARM, MIPS et PPC versions ant\u00e9rieures \u00e0 2012.12",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE W780 and W740 versions ant\u00e9rieures \u00e0 6.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC versions ant\u00e9rieures \u00e0 7.5 SP2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SENTRON PAC4200 versions ant\u00e9rieures \u00e0 2.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "JT2Go versions ant\u00e9rieures \u00e0 13.1.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-28388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28388"
    },
    {
      "name": "CVE-2021-25174",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25174"
    },
    {
      "name": "CVE-2020-27006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27006"
    },
    {
      "name": "CVE-2020-13988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13988"
    },
    {
      "name": "CVE-2020-26989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26989"
    },
    {
      "name": "CVE-2020-25238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25238"
    },
    {
      "name": "CVE-2018-18508",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18508"
    },
    {
      "name": "CVE-2020-10048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10048"
    },
    {
      "name": "CVE-2020-27001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27001"
    },
    {
      "name": "CVE-2020-27004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27004"
    },
    {
      "name": "CVE-2020-27008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27008"
    },
    {
      "name": "CVE-2020-25245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25245"
    },
    {
      "name": "CVE-2019-17007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17007"
    },
    {
      "name": "CVE-2020-28394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28394"
    },
    {
      "name": "CVE-2020-25237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25237"
    },
    {
      "name": "CVE-2020-26999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26999"
    },
    {
      "name": "CVE-2020-26991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26991"
    },
    {
      "name": "CVE-2020-26998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26998"
    },
    {
      "name": "CVE-2020-27005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27005"
    },
    {
      "name": "CVE-2019-17006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17006"
    },
    {
      "name": "CVE-2021-25177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25177"
    },
    {
      "name": "CVE-2021-25175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25175"
    },
    {
      "name": "CVE-2020-27003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27003"
    },
    {
      "name": "CVE-2020-27000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27000"
    },
    {
      "name": "CVE-2018-12404",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12404"
    },
    {
      "name": "CVE-2021-25666",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25666"
    },
    {
      "name": "CVE-2019-11745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11745"
    },
    {
      "name": "CVE-2020-26990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26990"
    },
    {
      "name": "CVE-2020-28392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28392"
    },
    {
      "name": "CVE-2021-25176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25176"
    },
    {
      "name": "CVE-2020-27007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27007"
    },
    {
      "name": "CVE-2021-25178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25178"
    },
    {
      "name": "CVE-2020-27002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27002"
    },
    {
      "name": "CVE-2021-25173",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25173"
    },
    {
      "name": "CVE-2020-1763",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1763"
    }
  ],
  "initial_release_date": "2021-02-09T00:00:00",
  "last_revision_date": "2021-02-09T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-094",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-02-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0 distance et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-663999 du 9 f\u00e9vrier 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-541017 du 9 f\u00e9vrier 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-541017.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-944678 du 9 f\u00e9vrier 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-944678.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-156833 du 9 f\u00e9vrier 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-156833.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-536315 du 9 f\u00e9vrier 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-536315.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-362164 du 9 f\u00e9vrier 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-362164.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-379803 du 9 f\u00e9vrier 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-428051 du 9 f\u00e9vrier 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-428051.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-794542 du 9 f\u00e9vrier 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-794542.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-686152 du 9 f\u00e9vrier 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-686152.pdf"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2020-28392 (GCVE-0-2020-28392)

Vulnerability from cvelistv5

CERTFR-2021-AVI-094

Vulnerability from certfr_avis

Solution

Tags

Sightings

Nomenclature