Rewterz Threat Advisory – CVE-2020-7583 – ICS: Siemens Automation License Manager

Rewterz Threat Advisory – CVE-2020-8597 – ICS: Siemens SCALANCE, RUGGEDCOM

August 12, 2020

Rewterz Threat Advisory – CVE-2020-1046 – Microsoft Windows code execution

August 12, 2020

Rewterz Threat Advisory – CVE-2020-7583 – ICS: Siemens Automation License Manager

Severity

Medium

Analysis Summary

The application does not properly validate the users’ privileges when executing some operations, which could allow an attacker with low permissions to arbitrarily modify files that should be protected against writing.

Impact

Privilege escalation

Affected Vendors

Siemens

Affected Products

Automation License Manager 5: All versions
Automation License Manager 6: All versions prior to v6.0.8

Remediation

Siemens recommends the following:

Users of License Manager 5: Disable access to drives which have licenses installed, for non-administrator users.
Users of License Manager 6: Update to v6.0.8 or later version.

Rewterz Threat Advisory – CVE-2020-8597 – ICS: Siemens SCALANCE, RUGGEDCOM

Rewterz Threat Advisory – CVE-2020-1046 – Microsoft Windows code execution

Rewterz Threat Advisory – CVE-2020-7583 – ICS: Siemens Automation License Manager

Severity

Analysis Summary

Impact

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan