CVEs-PoC/2020/CVE-2020-7580.md

### [CVE-2020-7580](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7580)
![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20Automation%20Tool&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20NET%20PC%20Software%20V14&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20NET%20PC%20Software%20V15&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20NET%20PC%20Software%20V16&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20PCS%20neo&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ProSave&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20S7-1500%20Software%20Controller&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20STEP%207%20(TIA%20Portal)%20V13&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20STEP%207%20(TIA%20Portal)%20V14&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20STEP%207%20(TIA%20Portal)%20V15&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20STEP%207%20(TIA%20Portal)%20V16&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20STEP%207%20V5&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20WinCC%20OA%20V3.16&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20WinCC%20OA%20V3.17&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20WinCC%20Runtime%20Advanced&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20WinCC%20Runtime%20Professional%20V13&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20WinCC%20Runtime%20Professional%20V14&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20WinCC%20Runtime%20Professional%20V15&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20WinCC%20Runtime%20Professional%20V16&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20WinCC%20V7.4&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20WinCC%20V7.5&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SINAMICS%20STARTER&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SINAMICS%20Startdrive&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SINEC%20NMS&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SINEMA%20Server&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SINUMERIK%20ONE%20virtual&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SINUMERIK%20Operate&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-428%3A%20Unquoted%20Search%20Path%20or%20Element&color=brighgreen)

### Description

A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Upd3), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC ProSave (All versions < V17), SIMATIC S7-1500 Software Controller (All versions < V21.8), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2 Update 4), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMATIC STEP 7 V5 (All versions < V5.6 SP2 HF3), SIMATIC WinCC OA V3.16 (All versions < V3.16 P018), SIMATIC WinCC OA V3.17 (All versions < V3.17 P003), SIMATIC WinCC Runtime Advanced (All versions < V16 Update 2), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2 Update 4), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Update 5), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 3), SINAMICS STARTER (All Versions < V5.4 HF2), SINAMICS Startdrive (All Versions < V16 Update 3), SINEC NMS (All versions < V1.0 SP2), SINEMA Server (All versions < V14 SP3), SINUMERIK ONE virtual (All Versions < V6.14), SINUMERIK Operate (All Versions < V6.14). A common component used by the affected applications regularly calls a helper binary with SYSTEM privileges while the call path is not quoted. This could allow a local attacker to execute arbitrary code with SYTEM privileges.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/Live-Hack-CVE/CVE-2020-7580