First published: Wed Sep 09 2020(Updated: )
A vulnerability has been identified in SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions < V16), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions <= V16), SIMATIC HMI Mobile Panels (All versions <= V16), SIMATIC HMI Unified Comfort Panels (All versions <= V16). Affected devices insufficiently block excessive authentication attempts. This could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack.
Credit: productcert@siemens.com
Affected Software | Affected Version | How to fix |
---|---|---|
Siemens Simatic Hmi Basic Panels 2nd Generation Firmware | <=14 | |
Siemens Simatic Hmi Basic Panels 2nd Generation | ||
Siemens Simatic Hmi Comfort Panels Firmware | ||
Siemens Simatic Hmi Comfort Panels | ||
Siemens Simatic Hmi Mobile Panels Firmware | ||
Siemens Simatic Hmi Mobile Panels | ||
Siemens Simatic Hmi United Comfort Panels Firmware | ||
Siemens Simatic Hmi United Comfort Panels |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2020-15786.
SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions < V16), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions <= V16), SIMATIC HMI Mobile Panels (All versions <= V16), SIMATIC HMI Unified Comfort Panels (All versions <= V16) are affected by this vulnerability.
The severity of CVE-2020-15786 is critical with a CVSS score of 9.8.
To fix this vulnerability, Siemens recommends applying the security updates provided in the security advisory.
You can find more information about this vulnerability in the security advisory published by Siemens.