Lasse Trolle Borup of Danish Cyber Defense reported this vulnerability to Siemens. CRITICAL INFRASTRUCTURE SECTORS: Chemical, Energy, Food and Agriculture, and Water and Wastewater Systems.A CVSS v3 base score of 7.3 has been calculated the CVSS vector string is ( AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H). The application does not properly validate the users’ privileges when executing some operations, which could allow an attacker with low permissions to arbitrarily modify files that should be protected against writing.ĬVE-2020-7583 has been assigned to this vulnerability. Automation License Manager 6: All versions prior to v6.0.8ģ.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER AUTHORIZATION CWE-285.Automation License Manager 5: All versions.The following versions of Automation License Manager (ALM), a software management platform, are affected: Successful exploitation of this vulnerability could allow an attacker to locally escalate privileges and modify files that should be protected against writing. Equipment: Automation License Manager (ALM).
0 kommentar(er)
