First published: Wed Sep 09 2020(Updated: )
A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions), SINUMERIK 840D sl (All versions). The authentication protocol between a client and a PLC via port 102/tcp (ISO-TSAP) insufficiently protects the transmitted password. This could allow an attacker that is able to intercept the network traffic to obtain valid PLC credentials.
Credit: productcert@siemens.com
Affected Software | Affected Version | How to fix |
---|---|---|
Siemens Simatic S7-300 Cpu 312 Firmware | ||
Siemens Simatic S7-300 Cpu 312 | ||
Siemens Simatic S7-300 Cpu 314 Firmware | ||
Siemens Simatic S7-300 Cpu 314 | ||
Siemens Simatic S7-300 Cpu 315-2 Dp Firmware | ||
Siemens Simatic S7-300 Cpu 315-2 Dp | ||
Siemens Simatic S7-300 Cpu 315-2 Pn Firmware | ||
Siemens Simatic S7-300 Cpu 315-2 Pn | ||
Siemens Simatic S7-300 Cpu 317-2 Pn Firmware | ||
Siemens Simatic S7-300 Cpu 317-2 Pn | ||
Siemens Simatic S7-300 Cpu 317-2 Dp Firmware | ||
Siemens Simatic S7-300 Cpu 317-2 Dp | ||
Siemens Simatic S7-300 Cpu 315f-2 Dp Firmware | ||
Siemens Simatic S7-300 Cpu 315f-2 Dp | ||
Siemens Simatic S7-300 Cpu 315f-2 Pn Firmware | ||
Siemens Simatic S7-300 Cpu 315f-2 Pn | ||
Siemens Simatic S7-300 Cpu 317f-2 Pn Firmware | ||
Siemens Simatic S7-300 Cpu 317f-2 Pn | ||
Siemens Simatic S7-300 Cpu 317f-2 Dp Firmware | ||
Siemens Simatic S7-300 Cpu 317f-2 Dp | ||
Siemens Simatic S7-400 Cpu 412 Firmware | ||
Siemens Simatic S7-400 Cpu 412 | ||
Siemens Simatic S7-400 Cpu 414 Firmware | ||
Siemens Simatic S7-400 Cpu 414 | ||
Siemens Simatic S7-400 Cpu 416 Firmware | ||
Siemens Simatic S7-400 Cpu 416 | ||
Siemens Simatic S7-400 Cpu 417 Firmware | ||
Siemens Simatic S7-400 Cpu 417 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2020-15791 is medium with a CVSS score of 6.5.
CVE-2020-15791 affects SIMATIC S7-300 CPU family, SIMATIC S7-400 CPU family, SIMATIC WinAC RTX (F) 2010, and SINUMERIK 840D sl.
Siemens Simatic S7-300 Cpu 312 is not vulnerable to CVE-2020-15791.
The Common Weakness Enumeration (CWE) ID of CVE-2020-15791 is 522.
To fix CVE-2020-15791, it is recommended to apply the security patches provided by Siemens.