CVE-2020-10056

EPSS 0.4%CWE-250

Vexday Risk Score

3Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS —EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

09 set 2020Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

A vulnerability has been identified in License Management Utility (LMU) (All versions < V2.4). The lmgrd service of the affected application is executed with local SYSTEM privileges on the server while its configuration can be modified by local users. The vulnerability could allow a local authenticated attacker to execute arbitrary commands on the server with local SYSTEM privileges.

Produtos afetados

Siemens AG · License Management Utility (LMU)

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://cert-portal.siemens.com/productcert/pdf/ssa-709003.pdf https://us-cert.cisa.gov/ics/advisories/icsa-20-252-03