Rewterz Threat Advisory – CVE-2020-8597 – ICS: Siemens SCALANCE, RUGGEDCOM
August 12, 2020Rewterz Threat Advisory – CVE-2020-1046 – Microsoft Windows code execution
August 12, 2020Rewterz Threat Advisory – CVE-2020-8597 – ICS: Siemens SCALANCE, RUGGEDCOM
August 12, 2020Rewterz Threat Advisory – CVE-2020-1046 – Microsoft Windows code execution
August 12, 2020Severity
Medium
Analysis Summary
The application does not properly validate the users’ privileges when executing some operations, which could allow an attacker with low permissions to arbitrarily modify files that should be protected against writing.
Impact
Privilege escalation
Affected Vendors
Siemens
Affected Products
Automation License Manager 5: All versions
Automation License Manager 6: All versions prior to v6.0.8
Remediation
Siemens recommends the following:
Users of License Manager 5: Disable access to drives which have licenses installed, for non-administrator users.
Users of License Manager 6: Update to v6.0.8 or later version.