medium
5.3
CWE
20
Advisory Published
Updated

CVE-2020-7588: Input Validation

First published: Tue Jul 14 2020(Updated: )

A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions < V2.6), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). Sending a specially crafted packet to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself.

Credit: productcert@siemens.com

Affected SoftwareAffected VersionHow to fix
Siemens Opcenter Execution Discrete<3.2
Siemens Opcenter Execution Foundation<3.2
Siemens Opcenter Execution Process<3.2
Siemens Opcenter Intelligence
Siemens Opcenter Quality<11.3
Siemens Opcenter Rd\&l=8.0
Siemens Simatic It Lms
Siemens Simatic It Production Suite
Siemens Simatic Notifier Server
Siemens Simatic Pcs Neo
Siemens SIMATIC STEP 7>=15<=15.1
Siemens SIMATIC STEP 7=16
Siemens SIMATIC STEP 7=16-update_1
Siemens Simocode Es
Siemens Soft Starter Es

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2020-7588?

    The severity of CVE-2020-7588 is medium with a severity value of 5.3.

  • Which software versions are affected by CVE-2020-7588?

    Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), Siemens Simatic It Lms, Siemens Simatic It Production Suite, Siemens Simatic Notifier Server, Siemens Simatic Pcs Neo, Siemens SIMATIC STEP 7 (versions between 15 and 15.1, version 16 and version 16-update_1), Siemens Simocode Es, and Siemens Soft Starter Es are affected by CVE-2020-7588.

  • How can CVE-2020-7588 be fixed?

    To fix CVE-2020-7588, it is recommended to update the affected software versions to V3.2 or higher for Opcenter Execution Discrete, Opcenter Execution Foundation, and Opcenter Execution Process. For Opcenter Intelligence, update to V3.3 or higher. For Opcenter Quality, update to V11.3 or higher. For Opcenter RD&L, update to the latest available version. Additionally, Siemens recommends implementing appropriate network security measures to protect against potential attacks.

  • What is the CWE of CVE-2020-7588?

    The CWE of CVE-2020-7588 is CWE-20.

  • Where can I find more information about CVE-2020-7588?

    More information about CVE-2020-7588 can be found in the following reference: [Siemens ProductCERT](https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf).

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203