SB2021051312 - Multiple vulnerabilities in Siemens SIMATIC S7-1500
Published: May 13, 2021
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Improper Initialization (CVE-ID: CVE-2020-8744)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper initialization in subsystem. A local administrator can run a specially crafted application to execute arbitrary code with escalated privileges on the system.
2) Buffer overflow (CVE-ID: CVE-2020-0591)
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in BIOS firmware for some Intel Processors. A local administrator can trigger memory corruption and execute arbitrary code on the target system with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.
References
- https://us-cert.cisa.gov/ics/advisories/icsa-21-131-15
- https://cert-portal.siemens.com/productcert/pdf/ssa-501073.pdf
- https://us-cert.cisa.gov/ics/advisories/icsa-21-131-15"
- https://us-cert.cisa.gov/ics/advisories/icsa-21-131-15</a></p><p>
- https://cert-portal.siemens.com/productcert/pdf/ssa-501073.pdf</p><p><br></p>