Rewterz Threat Advisory – CVE-2020-15791 – Siemens SIMATIC S7-300 and S7-400 CPUs
September 9, 2020
Severity
High
Analysis Summary
CVE-2020-10049
The start-stop scripts for the services of the affected application could allow a local attacker to include arbitrary commands that are executed when services are started or stopped interactively by system administrators.
CVE-2020-10050
The directory of service executables of the affected application could allow a local attacker to include arbitrary commands that are executed with SYSTEM privileges when the system restarts.
CVE-2020-10051
Multiple services of the affected application are executed with SYSTEM privileges while the call path is not quoted. This could allow a local attacker to inject arbitrary commands that are executed instead of the legitimate service.
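The two conditions described under CVE-2020-10050 and CVE-2020-10051 (a service executable directory writable by low-privilege users, and an unquoted service path containing spaces) can be audited on any Windows host. The script below is an added example, not code from Siemens or Rewterz; it assumes an elevated PowerShell session, checks all installed services rather than naming the RTLS Locating Manager services (the advisory does not list them), and inspects only the directory that directly holds each executable.

```powershell
# Added audit example (not Siemens or Rewterz code). Run from an elevated prompt.
# SIDs of broad, low-privilege groups: Everyone, Authenticated Users, Users, Interactive.
$lowPrivSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545', 'S-1-5-4'
# WriteData/AppendData bits are also contained in Modify and FullControl.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData'
$sidType   = [System.Security.Principal.SecurityIdentifier]

Get-CimInstance -ClassName Win32_Service | ForEach-Object {
    $svc  = $_
    $path = "$($svc.PathName)".Trim()
    if (-not $path) { return }

    # Split the executable from its arguments, quoted form first.
    if ($path -match '^"(?<exe>[^"]+)"') {
        $exe = $Matches['exe']; $quoted = $true
    } elseif ($path -match '^(?<exe>.+?\.exe)(\s|$)') {
        $exe = $Matches['exe']; $quoted = $false
    } else {
        return   # not an .exe image path; out of scope for this check
    }

    # Unquoted Search Path or Element: no quotes and a space in the path.
    $unquotedWithSpace = (-not $quoted) -and ($exe -match '\s')

    # Incorrect Default Permissions: low-privilege write access on the
    # directory that holds the service executable.
    $dir = Split-Path -Path $exe -Parent
    $weakAces = @()
    if ($dir -and (Test-Path -LiteralPath $dir)) {
        $weakAces = @((Get-Acl -LiteralPath $dir).GetAccessRules($true, $true, $sidType) |
            Where-Object {
                $_.AccessControlType -eq 'Allow' -and
                $lowPrivSids -contains $_.IdentityReference.Value -and
                ([int]$_.FileSystemRights -band $writeMask) -ne 0
            })
    }

    if ($unquotedWithSpace -or $weakAces.Count -gt 0) {
        [pscustomobject]@{
            Service         = $svc.Name
            StartName       = $svc.StartName
            UnquotedPath    = $unquotedWithSpace
            LowPrivWritable = ($weakAces.Count -gt 0)
            PathName        = $path
        }
    }
} | Format-Table -AutoSize -Wrap
```

Rows where StartName is LocalSystem deserve attention first, since those services run with SYSTEM privileges.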
Impact
- Incorrect Default Permissions
- Unquoted Search Path or Element
Affected Vendors
Siemens
Affected Products
SIMATIC RTLS Locating Manager
all versions prior to v2.10.2
Recommendation
Siemens recommends that users update SIMATIC RTLS Locating Manager to v2.10.2.