CVE-2020-7585
Description
A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 HF2). A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise the availability of the system as well as to have access to confidential information.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A DLL hijacking vulnerability in Siemens SIMATIC, SINAMICS, and PDM products allows local attackers to execute code with elevated privileges.
Vulnerability
A DLL hijacking vulnerability (CWE-427) exists in multiple Siemens products due to an uncontrolled search path element. Affected versions include SIMATIC PCS 7 V8.2 and earlier, SIMATIC PCS 7 V9.0 before V9.0 SP3, SIMATIC PDM before V9.2, SIMATIC STEP 7 V5.X before V5.6 SP2 HF3, and SINAMICS STARTER (containing STEP 7 OEM version) before V5.4 HF2 [1]. An attacker with local access can exploit this by placing a malicious DLL in a directory that the application searches before the intended location, causing the malicious DLL to be loaded instead of the legitimate one.
Exploitation
An attacker must have local access to the affected system and possess user-level privileges (no admin rights required) [1]. The attack complexity is low, and no user interaction is needed beyond the attacker's own actions. The attacker places a crafted DLL in a directory that the vulnerable application searches, such as by leveraging a writable directory in the search path. When the application loads the DLL, the malicious code executes.
Impact
Successful exploitation allows the attacker to execute arbitrary code with elevated privileges, potentially leading to disclosure of confidential information, modification of data, or a denial-of-service condition affecting system availability [1]. The CVSS v3 base score is 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high impact on confidentiality, integrity, and availability.
Mitigation
Siemens has released updates to address this vulnerability: SIMATIC PCS 7 V9.0 SP3, SIMATIC PDM V9.2, SIMATIC STEP 7 V5.6 SP2 HF3, and SINAMICS STARTER V5.4 HF2 [1]. For SIMATIC PCS 7 V8.2 and earlier, which are end-of-life, no fix is available, and users should upgrade to a supported version. General mitigation measures include restricting local access to trusted users and verifying the integrity of DLL files before execution.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (8)
- Range: < V9.2
- Range: < V5.6 SP2 HF3
- Range: V8.2 and earlier
- Siemens/SIMATIC PCS 7 V8.2 and earlier, v5, range: All versions
- (no CPE), range: All versions < V9.0 SP3
- (no CPE), range: All versions < V9.2
- Range: All versions < V5.6 SP2 HF3
- Siemens/SINAMICS STARTER (containing STEP 7 OEM version), v5, range: All versions < V5.4 HF2
References (3)
- cert-portal.siemens.com/productcert/pdf/ssa-689942.pdf (mitre, x_refsource_MISC)
- us-cert.cisa.gov/ics/advisories/icsa-20-161-05 (mitre, x_refsource_CONFIRM)
- www.us-cert.gov/ics/advisories/icsa-20-161-05 (mitre, x_refsource_MISC)