CVE-2020-10051 · CVEKit

cve.orgen

328 chars

A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). Multiple services of the affected application are executed with SYSTEM privileges while the call path is not quoted. This could allow a local attacker to inject arbitrary commands that are execeuted instead of the legitimate service.

NVDen

328 chars

A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). Multiple services of the affected application are executed with SYSTEM privileges while the call path is not quoted. This could allow a local attacker to inject arbitrary commands that are execeuted instead of the legitimate service.

NVDes

374 chars

Se ha identificado una vulnerabilidad en SIMATIC RTLS Locating Manager (todas las versiones anteriores a V2.10.2). Se ejecutan varios servicios de la aplicación afectada con privilegios SYSTEM, mientras que la ruta de la llamada no es citada. Esto podría permitir a un atacante local inyectar comandos arbitrarios que son ejecutados en lugar del servicio legítimo.

CVSS metrics across sources

2

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	7.2	3.9	10.0	AV:L/AC:L/Au:N/C:C/I:C/A:C
3.1	Primary	NVD	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H