CVE-2020-7588: 
Siemens SIMATIC STEP 7 vulnerability analysis and mitigation

A vulnerability has been identified in Siemens UMC Stack components (CVE-2020-7588) related to improper input validation. The vulnerability affects multiple Siemens products including Opcenter Execution Discrete, Opcenter Execution Foundation, Opcenter Execution Process (all versions prior to v3.2), and several other Siemens industrial control systems (CISA Advisory).

The vulnerability is classified as an Improper Input Validation issue (CWE-20). When exploited, sending a specially crafted packet to the affected service could cause a partial remote denial-of-service condition, which would cause the service to restart itself. The vulnerability has been assigned a CVSS v3 base score of 5.3, with the vector string (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) (CISA Advisory).

Successful exploitation of this vulnerability could allow an attacker to cause a partial denial-of-service condition on the UMC component of the affected devices under certain circumstances. This would result in the service restarting itself, potentially disrupting industrial control system operations (CISA Advisory).

Siemens recommends users upgrade affected products to their respective newer versions. For Opcenter Execution Discrete, Foundation, and Process, users should update to v3.2 or later. As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms and configuring the environment according to Siemens' operational guidelines for Industrial Security (CISA Advisory).