CVE-2020-7586: 
Siemens SIMATIC STEP 7 vulnerability analysis and mitigation

CVE-2020-7586 is a heap-based buffer overflow vulnerability affecting multiple Siemens SIMATIC and SINAMICS products, including SIMATIC PCS 7 (all versions including v8.2 and prior), SIMATIC PCS 7 v9.0 (versions prior to 9.0 SP3), SIMATIC PDM (versions prior to 9.2), SIMATIC STEP 7 v5.X (versions prior to 5.6 SP2 HF3), and SINAMICS STARTER (versions prior to 5.4 HF2). The vulnerability was discovered by Uri Katz of Claroty and reported to Siemens (CISA Advisory).

The vulnerability is classified as a heap-based buffer overflow (CWE-122) that could allow an attacker with local access to cause a denial-of-service condition. It has been assigned a CVSS v3 base score of 7.8, with the vector string (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating local access required, low attack complexity, low privileges required, and no user interaction needed (CISA Advisory).

Successful exploitation of this vulnerability could allow an attacker to affect the availability of the affected devices under certain conditions. The vulnerability impacts critical infrastructure sectors including Chemical, Energy, Food and Agriculture, and Water and Wastewater Systems worldwide (CISA Advisory).

Siemens has released updates to address this vulnerability and recommends updating to the following versions: SIMATIC STEP 7 v5.X to v5.6 SP2 HF3 or later, SINAMICS STARTER to v5.4 HF2 or later, SIMATIC PCS 7 v9.0 to v9.0 SP3, and SIMATIC PDM to v9.2 or later. Additional recommendations include restricting access to project files on engineering stations to trusted users, using project files only from trusted sources, and protecting network access to devices with appropriate mechanisms (CISA Advisory).