CVE-2020-25238
HIGHSIMATIC PCS neo < 3.1 and TIA Portal V15-V16 - Authenticated Privilege Escalation via File Manipulation
Title source: llmDescription
A vulnerability has been identified in PCS neo (Administration Console) (All versions < V3.1), TIA Portal (V15, V15.1 and V16). Manipulating certain files in specific folders could allow a local attacker to execute code with SYSTEM privileges. The security vulnerability could be exploited by an attacker with a valid account and limited access rights on the system.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_misc
https://cert-portal.siemens.com/productcert/pdf/ssa-428051.pdf
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
https://www.kb.cert.org/vuls/id/466044
Third Party Advisory, US Government Resource, VDB Entry x_refsource_misc
https://us-cert.cisa.gov/ics/advisories/icsa-21-040-05
Scores
CVSS v3
7.8
EPSS
0.0012
EPSS Percentile
29.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-284
CWE-427
Status
published
Products (4)
siemens/simatic_process_control_system_neo
< 3.1
siemens/totally_integrated_automation_portal
15
siemens/totally_integrated_automation_portal
15.1
siemens/totally_integrated_automation_portal
16
Published
Feb 09, 2021
Tracked Since
Feb 18, 2026