{"cve":{"cve_id":"CVE-2020-7580","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.00441,"epss_percentile":0.35094,"epss_as_of":"2026-06-23","description":"A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Upd3), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC ProSave (All versions < V17), SIMATIC S7-1500 Software Controller (All versions < V21.8), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2 Update 4), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMATIC STEP 7 V5 (All versions < V5.6 SP2 HF3), SIMATIC WinCC OA V3.16 (All versions < V3.16 P018), SIMATIC WinCC OA V3.17 (All versions < V3.17 P003), SIMATIC WinCC Runtime Advanced (All versions < V16 Update 2), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2 Update 4), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Update 5), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 3), SINAMICS STARTER (All Versions < V5.4 HF2), SINAMICS Startdrive (All Versions < V16 Update 3), SINEC NMS (All versions < V1.0 SP2), SINEMA Server (All versions < V14 SP3), SINUMERIK ONE virtual (All Versions < V6.14), SINUMERIK Operate (All Versions < V6.14). A common component used by the affected applications regularly calls a helper binary with SYSTEM privileges while the call path is not quoted. This could allow a local attacker to execute arbitrary code with SYTEM privileges.","published_at":"2020-06-10T00:00:00Z","last_modified_at":null,"cvss_v3_score":null,"cvss_v3_vector":null,"cvss_v3_severity":null,"cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":["CWE-428"],"nvd_references":["https://cert-portal.siemens.com/productcert/pdf/ssa-312271.pdf","https://us-cert.cisa.gov/ics/advisories/icsa-20-161-04"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:14:33.564062Z"},"effective_severity":null,"badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":null,"metrics":[]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"siemens","vendor_name":"Siemens","product_slug":"simatic-automation-tool","product_name":"SIMATIC Automation Tool","version_start":"All versions < V4 SP2","version_start_inclusive":true,"version_end":"All versions < V4 SP2","version_end_inclusive":true,"cpe23_uri":"cve5:siemens:simatic-automation-tool:All versions < V4 SP2:All versions < V4 SP2"},{"vendor_slug":"siemens","vendor_name":"Siemens","product_slug":"simatic-net-pc-software-v14","product_name":"SIMATIC NET PC Software V14","version_start":"All versions < V14 SP1 Update 14","version_start_inclusive":true,"version_end":"All versions < V14 SP1 Update 14","version_end_inclusive":true,"cpe23_uri":"cve5:siemens:simatic-net-pc-software-v14:All versions < V14 SP1 Update 14:All versions < V14 SP1 Update 14"},{"vendor_slug":"siemens","vendor_name":"Siemens","product_slug":"simatic-net-pc-software-v15","product_name":"SIMATIC NET PC Software V15","version_start":"All versions","version_start_inclusive":true,"version_end":"All versions","version_end_inclusive":true,"cpe23_uri":"cve5:siemens:simatic-net-pc-software-v15:All versions:All versions"},{"vendor_slug":"siemens","vendor_name":"Siemens","product_slug":"simatic-net-pc-software-v16","product_name":"SIMATIC NET PC Software V16","version_start":"All versions < V16 Upd3","version_start_inclusive":true,"version_end":"All versions < V16 Upd3","version_end_inclusive":true,"cpe23_uri":"cve5:siemens:simatic-net-pc-software-v16:All versions < V16 Upd3:All versions < V16 Upd3"},{"vendor_slug":"siemens","vendor_name":"Siemens","product_slug":"simatic-pcs-neo","product_name":"SIMATIC PCS neo","version_start":"All versions < V3.0 SP1","version_start_inclusive":true,"version_end":"All versions < V3.0 SP1","version_end_inclusive":true,"cpe23_uri":"cve5:siemens:simatic-pcs-neo:All versions < V3.0 SP1:All versions < V3.0 SP1"},{"vendor_slug":"siemens","vendor_name":"Siemens","product_slug":"simatic-prosave","product_name":"SIMATIC ProSave","version_start":"All versions < V17","version_start_inclusive":true,"version_end":"All versions < V17","version_end_inclusive":true,"cpe23_uri":"cve5:siemens:simatic-prosave:All versions < V17:All versions < V17"},{"vendor_slug":"siemens","vendor_name":"Siemens","product_slug":"simatic-s7-1500-software-controller","product_name":"SIMATIC S7-1500 Software Controller","version_start":"All versions < V21.8","version_start_inclusive":true,"version_end":"All versions < V21.8","version_end_inclusive":true,"cpe23_uri":"cve5:siemens:simatic-s7-1500-software-controller:All versions < V21.8:All versions < V21.8"},{"vendor_slug":"siemens","vendor_name":"Siemens","product_slug":"simatic-step-7-tia-portal-v13","product_name":"SIMATIC STEP 7 (TIA Portal) V13","version_start":"All versions < V13 SP2 Update 4","version_start_inclusive":true,"version_end":"All versions < V13 SP2 Update 4","version_end_inclusive":true,"cpe23_uri":"cve5:siemens:simatic-step-7-tia-portal-v13:All versions < V13 SP2 Update 4:All versions < V13 SP2 Update 4"},{"vendor_slug":"siemens","vendor_name":"Siemens","product_slug":"simatic-step-7-tia-portal-v14","product_name":"SIMATIC STEP 7 (TIA Portal) V14","version_start":"All versions < V14 SP1 Update 10","version_start_inclusive":true,"version_end":"All versions < V14 SP1 Update 10","version_end_inclusive":true,"cpe23_uri":"cve5:siemens:simatic-step-7-tia-portal-v14:All versions < V14 SP1 Update 10:All versions < V14 SP1 Update 10"},{"vendor_slug":"siemens","vendor_name":"Siemens","product_slug":"simatic-step-7-tia-portal-v15","product_name":"SIMATIC STEP 7 (TIA Portal) V15","version_start":"All versions < V15.1 Update 5","version_start_inclusive":true,"version_end":"All versions < V15.1 Update 5","version_end_inclusive":true,"cpe23_uri":"cve5:siemens:simatic-step-7-tia-portal-v15:All versions < V15.1 Update 5:All versions < V15.1 Update 5"},{"vendor_slug":"siemens","vendor_name":"Siemens","product_slug":"simatic-step-7-tia-portal-v16","product_name":"SIMATIC STEP 7 (TIA Portal) V16","version_start":"All versions < V16 Update 2","version_start_inclusive":true,"version_end":"All versions < V16 Update 2","version_end_inclusive":true,"cpe23_uri":"cve5:siemens:simatic-step-7-tia-portal-v16:All versions < V16 Update 2:All versions < V16 Update 2"},{"vendor_slug":"siemens","vendor_name":"Siemens","product_slug":"simatic-step-7-v5","product_name":"SIMATIC STEP 7 V5","version_start":"All versions < V5.6 SP2 HF3","version_start_inclusive":true,"version_end":"All versions < V5.6 SP2 HF3","version_end_inclusive":true,"cpe23_uri":"cve5:siemens:simatic-step-7-v5:All versions < V5.6 SP2 HF3:All versions < V5.6 SP2 HF3"},{"vendor_slug":"siemens","vendor_name":"Siemens","product_slug":"simatic-wincc-oa-v3.16","product_name":"SIMATIC WinCC OA V3.16","version_start":"All versions < V3.16 P018","version_start_inclusive":true,"version_end":"All versions < V3.16 P018","version_end_inclusive":true,"cpe23_uri":"cve5:siemens:simatic-wincc-oa-v3.16:All versions < V3.16 P018:All versions < V3.16 P018"},{"vendor_slug":"siemens","vendor_name":"Siemens","product_slug":"simatic-wincc-oa-v3.17","product_name":"SIMATIC WinCC OA V3.17","version_start":"All versions < V3.17 P003","version_start_inclusive":true,"version_end":"All versions < V3.17 P003","version_end_inclusive":true,"cpe23_uri":"cve5:siemens:simatic-wincc-oa-v3.17:All versions < V3.17 P003:All versions < V3.17 P003"},{"vendor_slug":"siemens","vendor_name":"Siemens","product_slug":"simatic-wincc-runtime-advanced","product_name":"SIMATIC WinCC Runtime Advanced","version_start":"All versions < V16 Update 2","version_start_inclusive":true,"version_end":"All versions < V16 Update 2","version_end_inclusive":true,"cpe23_uri":"cve5:siemens:simatic-wincc-runtime-advanced:All versions < V16 Update 2:All versions < V16 Update 2"},{"vendor_slug":"siemens","vendor_name":"Siemens","product_slug":"simatic-wincc-runtime-professional-v13","product_name":"SIMATIC WinCC Runtime Professional V13","version_start":"All versions < V13 SP2 Update 4","version_start_inclusive":true,"version_end":"All versions < V13 SP2 Update 4","version_end_inclusive":true,"cpe23_uri":"cve5:siemens:simatic-wincc-runtime-professional-v13:All versions < V13 SP2 Update 4:All versions < V13 SP2 Update 4"},{"vendor_slug":"siemens","vendor_name":"Siemens","product_slug":"simatic-wincc-runtime-professional-v14","product_name":"SIMATIC WinCC Runtime Professional V14","version_start":"All versions < V14 SP1 Update 10","version_start_inclusive":true,"version_end":"All versions < V14 SP1 Update 10","version_end_inclusive":true,"cpe23_uri":"cve5:siemens:simatic-wincc-runtime-professional-v14:All versions < V14 SP1 Update 10:All versions < V14 SP1 Update 10"},{"vendor_slug":"siemens","vendor_name":"Siemens","product_slug":"simatic-wincc-runtime-professional-v15","product_name":"SIMATIC WinCC Runtime Professional V15","version_start":"All versions < V15.1 Update 5","version_start_inclusive":true,"version_end":"All versions < V15.1 Update 5","version_end_inclusive":true,"cpe23_uri":"cve5:siemens:simatic-wincc-runtime-professional-v15:All versions < V15.1 Update 5:All versions < V15.1 Update 5"},{"vendor_slug":"siemens","vendor_name":"Siemens","product_slug":"simatic-wincc-runtime-professional-v16","product_name":"SIMATIC WinCC Runtime Professional V16","version_start":"All versions < V16 Update 2","version_start_inclusive":true,"version_end":"All versions < V16 Update 2","version_end_inclusive":true,"cpe23_uri":"cve5:siemens:simatic-wincc-runtime-professional-v16:All versions < V16 Update 2:All versions < V16 Update 2"},{"vendor_slug":"siemens","vendor_name":"Siemens","product_slug":"simatic-wincc-v7.4","product_name":"SIMATIC WinCC V7.4","version_start":"All versions < V7.4 SP1 Update 14","version_start_inclusive":true,"version_end":"All versions < V7.4 SP1 Update 14","version_end_inclusive":true,"cpe23_uri":"cve5:siemens:simatic-wincc-v7.4:All versions < V7.4 SP1 Update 14:All versions < V7.4 SP1 Update 14"},{"vendor_slug":"siemens","vendor_name":"Siemens","product_slug":"simatic-wincc-v7.5","product_name":"SIMATIC WinCC V7.5","version_start":"All versions < V7.5 SP1 Update 3","version_start_inclusive":true,"version_end":"All versions < V7.5 SP1 Update 3","version_end_inclusive":true,"cpe23_uri":"cve5:siemens:simatic-wincc-v7.5:All versions < V7.5 SP1 Update 3:All versions < V7.5 SP1 Update 3"},{"vendor_slug":"siemens","vendor_name":"Siemens","product_slug":"sinamics-startdrive","product_name":"SINAMICS Startdrive","version_start":"All Versions < V16 Update 3","version_start_inclusive":true,"version_end":"All Versions < V16 Update 3","version_end_inclusive":true,"cpe23_uri":"cve5:siemens:sinamics-startdrive:All Versions < V16 Update 3:All Versions < V16 Update 3"},{"vendor_slug":"siemens","vendor_name":"Siemens","product_slug":"sinamics-starter","product_name":"SINAMICS STARTER","version_start":"All Versions < V5.4 HF2","version_start_inclusive":true,"version_end":"All Versions < V5.4 HF2","version_end_inclusive":true,"cpe23_uri":"cve5:siemens:sinamics-starter:All Versions < V5.4 HF2:All Versions < V5.4 HF2"},{"vendor_slug":"siemens","vendor_name":"Siemens","product_slug":"sinec-nms","product_name":"SINEC NMS","version_start":"All versions < V1.0 SP2","version_start_inclusive":true,"version_end":"All versions < V1.0 SP2","version_end_inclusive":true,"cpe23_uri":"cve5:siemens:sinec-nms:All versions < V1.0 SP2:All versions < V1.0 SP2"},{"vendor_slug":"siemens","vendor_name":"Siemens","product_slug":"sinema-server","product_name":"SINEMA Server","version_start":"All versions < V14 SP3","version_start_inclusive":true,"version_end":"All versions < V14 SP3","version_end_inclusive":true,"cpe23_uri":"cve5:siemens:sinema-server:All versions < V14 SP3:All versions < V14 SP3"},{"vendor_slug":"siemens","vendor_name":"Siemens","product_slug":"sinumerik-one-virtual","product_name":"SINUMERIK ONE virtual","version_start":"All Versions < V6.14","version_start_inclusive":true,"version_end":"All Versions < V6.14","version_end_inclusive":true,"cpe23_uri":"cve5:siemens:sinumerik-one-virtual:All Versions < V6.14:All Versions < V6.14"},{"vendor_slug":"siemens","vendor_name":"Siemens","product_slug":"sinumerik-operate","product_name":"SINUMERIK Operate","version_start":"All Versions < V6.14","version_start_inclusive":true,"version_end":"All Versions < V6.14","version_end_inclusive":true,"cpe23_uri":"cve5:siemens:sinumerik-operate:All Versions < V6.14:All Versions < V6.14"}],"exploit_refs":[],"news":[],"references":[{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-312271.pdf","source_type":"MISC","tags":[]},{"url":"https://us-cert.cisa.gov/ics/advisories/icsa-20-161-04","source_type":"VENDOR_ADVISORY","tags":["advisory"]}],"timeline":[{"type":"published","at":"2020-06-10T00:00:00Z","label":"CVE published","source":null}]}