CVE-2020-7583

2020-08-1415:24:06

CWE-285

siemens

www.cve.org

cve-2020-7583

privilege validation

file modification

AI Score

7.5

Confidence

High

EPSS

Percentile

12.6%

JSON

A vulnerability has been identified in Automation License Manager 5 (All versions), Automation License Manager 6 (All versions < V6.0.8). The application does not properly validate the users’ privileges when executing some operations, which could allow a user with low permissions to arbitrary modify files that should be protected against writing.

CNA Affected

[
  {
    "product": "Automation License Manager 5",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "Automation License Manager 6",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V6.0.8"
      }
    ]
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-388646.pdf