CVE-2020-25245

A vulnerability has been identified in DIGSI 4 (All versions < V4.94 SP1 HF 1). Several folders in the %PATH% are writeable by normal users. As these folders are included in the search for dlls, an attacker could place dlls there with code executed by SYSTEM.

CVSS v3 7.8 HIGH
CVSS v2.0 7.2 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-536315.pdf	Vendor Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-040-10	Patch Third Party Advisory US Government Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-536315.pdf	Vendor Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-040-10	Patch Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:siemens:digsi_4::::::::
	cpe:2.3:a:siemens:digsi_4:4.94:-::::::
	cpe:2.3:a:siemens:digsi_4:4.94:sp1::::::

History

21 Nov 2024, 05:17

Type	Values Removed	Values Added
References	~~() https://cert-portal.siemens.com/productcert/pdf/ssa-536315.pdf - Vendor Advisory~~	() https://cert-portal.siemens.com/productcert/pdf/ssa-536315.pdf - Vendor Advisory
References	~~() https://us-cert.cisa.gov/ics/advisories/icsa-21-040-10 - Patch, Third Party Advisory, US Government Resource~~	() https://us-cert.cisa.gov/ics/advisories/icsa-21-040-10 - Patch, Third Party Advisory, US Government Resource

Information

Published : 2021-02-09 17:15

Updated : 2024-11-21 05:17

NVD link : CVE-2020-25245

Mitre link : CVE-2020-25245

CVE.ORG link : CVE-2020-25245

JSON object : View

Products Affected

siemens

digsi_4

CWE

CWE-276

Incorrect Default Permissions

{"id": "CVE-2020-25245", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2021-02-09T17:15:13.687", "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-536315.pdf", "tags": ["Vendor Advisory"], "source": "productcert@siemens.com"}, {"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-10", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "source": "productcert@siemens.com"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-536315.pdf", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-10", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "productcert@siemens.com", "description": [{"lang": "en", "value": "CWE-276"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-276"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in DIGSI 4 (All versions < V4.94 SP1 HF 1). Several folders in the %PATH% are writeable by normal users. As these folders are included in the search for dlls, an attacker could place dlls there with code executed by SYSTEM."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en DIGSI 4 (Todas las versiones anteriores a V4.94 SP1 HF 1). Los usuarios normales pueden escribir varias carpetas en el %PATH%. Como estas carpetas se incluyen en la b\u00fasqueda de dlls, un atacante podr\u00eda colocar dlls all\u00ed con c\u00f3digo ejecutado por SYSTEM"}], "lastModified": "2024-11-21T05:17:45.247", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:siemens:digsi_4:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "678B3E18-24B8-45E3-8F53-870FA2D9FDA7", "versionEndExcluding": "4.94"}, {"criteria": "cpe:2.3:a:siemens:digsi_4:4.94:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "34D8A45E-9F54-4AA2-A1D4-1BD269A42AFF"}, {"criteria": "cpe:2.3:a:siemens:digsi_4:4.94:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8DE2B35E-E840-45D2-BF72-45C8C4EDEE26"}], "operator": "OR"}]}], "sourceIdentifier": "productcert@siemens.com"}