Vulnerability in Siemens Simatic Automation Tool
CVE-2020-7580
A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions <…
EPSS: 0.000 (15.6th percentile) — read the EPSS interpretation.
Affected products
- Siemens Simatic Automation Tool — versions All versions < V4 SP2
- Siemens Simatic Net Pc Software V14 — versions All versions < V14 SP1 Update 14
- Siemens Simatic Net Pc Software V15 — versions All versions
- Siemens Simatic Net Pc Software V16 — versions All versions < V16 Upd3
- Siemens Simatic Pcs Neo — versions All versions < V3.0 SP1
- Siemens Simatic Prosave — versions All versions < V17
- Siemens Simatic S7-1500 Software Controller — versions All versions < V21.8
- Siemens Simatic Step 7 (Tia Portal) V13 — versions All versions < V13 SP2 Update 4
- Siemens Simatic Step 7 (Tia Portal) V14 — versions All versions < V14 SP1 Update 10
- Siemens Simatic Step 7 (Tia Portal) V15 — versions All versions < V15.1 Update 5
Weakness classification (CWE)
Public proof-of-concept exploits
References
Frequently asked questions
- What is CVE-2020-7580?
- CVE-2020-7580 is a vulnerability in Siemens Simatic Automation Tool, classified under Unquoted Search Path or Element. Published 2020-06-10.
- Is CVE-2020-7580 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.