How severe is CVE-2020-7581?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.7 out of 10.

What type of vulnerability is CVE-2020-7581?

This is classified as CWE-428, which is a common weakness in software security.

CVE-2020-7581

MEDIUM Year: 2020

CVSS v3 Score

6.7

Medium

CVSS v2 Score

7.2

High

Weakness Type

CWE-428

View all →

Vulnerability Description

A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). A component within the affected application calls a helper binary with SYSTEM privileges during startup while the call path is not quoted. This could allow a local attacker with administrative privileges to execute code with SYSTEM level privileges.

CVE-2017-14019

MEDIUM

CVSS:6.7(Medium)

An Unquoted Search Path or Element issue was discovered in Progea Movicon Version 11.5.1181 and prior. An unquoted search path or element vulnerability has been identified, which may allow an authoriz...

CWE-4282017

CVE-2017-5873

MEDIUM

CVSS:6.7(Medium)

Unquoted Windows search path vulnerability in the guest service in Unisys s-Par before 4.4.20 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, a...

CWE-4282017

CVE-2018-14789

MEDIUM

CVSS:6.7(Medium)

In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 3.1 or prior and Xcelera Version 4.1 or prior), an unquoted search path or element vulnerability has been identified, which may al...

CWE-4282018

CVE-2019-11093

MEDIUM

CVSS:6.7(Medium)

Unquoted service path in the installer for the Intel(R) SCS Discovery Utility version 12.0.0.129 and earlier may allow an authenticated user to potentially enable escalation of privilege via local acc...

CWE-4282019

CVE-2019-6145

MEDIUM

CVSS:6.7(Medium)

Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. This enables local privilege escalation to SYSTEM user. By default, only local administrators ca...

CWE-4282019

CVE-2019-6149

MEDIUM

CVSS:6.7(Medium)

An unquoted search path vulnerability was identified in Lenovo Dynamic Power Reduction Utility prior to version 2.2.2.0 that could allow a malicious user with local access to execute code with adminis...

CWE-4282019

CVE-2020-7581

Vulnerability Description

Related Vulnerabilities

CVE-2017-14019

CVE-2017-5873

CVE-2018-14789

CVE-2019-11093

CVE-2019-6145

CVE-2019-6149