CVE-2020-28397
First published: Tue Aug 10 2021(Updated: )
A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7 PLCSIM Advanced (All versions > V2 < V4), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (Version V4.4), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions > V2.5 < V2.9.2), SIMATIC S7-1500 Software Controller (All versions > V2.5 < V21.9), TIM 1531 IRC (incl. SIPLUS NET variants) (Version V2.1). Due to an incorrect authorization check in the affected component, an attacker could extract information about access protected PLC program variables over port 102/tcp from an affected device when reading multiple attributes at once.
Credit: productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens CPU 1504D TF Firmware | <2.9.2 | |
| Siemens CPU 1504D TF Firmware | ||
| Siemens CPU 1507D TF Firmware | <2.9.2 | |
| Siemens CPU 1507D TF Firmware | ||
| Siemens CPU 1515SP PC2 TF | <21.9 | |
| Siemens SIMATIC S7-1500 CPU 1515SP PC2 TF | ||
| Siemens SIMATIC S7-PLCSIM Advanced Firmware | >=2.0<4.0 | |
| Siemens SIMATIC S7 PLCSIM Advanced Firmware | ||
| Siemens S7-1500 Controller | >=2.5<21.9 | |
| Siemens Simatic TIM 1531 IRC Firmware | =2.1 | |
| Siemens TIM 1531 IRC Firmware | ||
| Siemens S7-1200 CPU 1211C Firmware | =4.4 | |
| Siemens S7-1200 CPU 1211C | ||
| Siemens S7-1200 CPU 1212C Firmware | =4.4 | |
| Siemens S7-1200 CPU 1212C | ||
| Siemens S7-1200 CPU 1212FC Firmware | =4.4 | |
| Siemens S7-1200 CPU 1212FC | ||
| Siemens S7-1200 CPU 1214FC Firmware | =4.4 | |
| Siemens CPU 1214FC Firmware | ||
| Siemens CPU 1214C Firmware | =4.4 | |
| Siemens SIMATIC S7-1200 CPU 1214C | ||
| Siemens S7-1200 CPU 1215FC Firmware | =4.4 | |
| Siemens CPU 1215FC Firmware | ||
| Siemens S7-1200 CPU 1215C Firmware | =4.4 | |
| Siemens S7-1200 CPU 1215C | ||
| Siemens S7-1200 CPU 1217C Firmware | =4.4 | |
| Siemens S7-1200 CPU 1217C | ||
| Siemens SIPLUS ET 200SP CPU 1510SP F-1 PN Firmware | >=2.5<2.9.2 | |
| Siemens SIPLUS ET 200SP CPU 1510SP F-1 PN Firmware | ||
| Siemens SIPLUS CPU 1511F-1 PN Firmware | >=2.5<2.9.2 | |
| Siemens SIPLUS CPU 1511F-1 PN Firmware | ||
| Siemens SIPLUS CPU 1511F-1 PN | >=2.5<2.9.2 | |
| Siemens CPU 1511F-1PN | ||
| Siemens SIPLUS CPU 1512SP-1 PN | >=2.5<2.9.2 | |
| Siemens SIPLUS CPU 1512SP-1 PN Firmware | ||
| Siemens SIPLUS ET 200SP CPU 1512SP F-1 PN Firmware | >=2.5<2.9.2 | |
| Siemens SIPLUS CPU 1512SP F-1 PN | ||
| siemens SIPLUS CPU 1513f-1 pn firmware | >=2.5<2.9.2 | |
| Siemens SIPLUS CPU 1513-1 PN Firmware | ||
| Siemens SIPLUS S7-1500 CPU 1513F-1 PN Firmware | >=2.5<2.9.2 | |
| Siemens SIPLUS S7-1500 CPU 1513F-1 PN Firmware | ||
| Siemens SIPLUS CPU 1516-3 PN/DP Firmware | >=2.5<2.9.2 | |
| siemens SIPLUS CPU 1516-3 pn/dp | ||
| Siemens SIPLUS CPU-1516F-3 PN/DP Firmware | >=2.5<2.9.2 | |
| Siemens SIPLUS CPU 1516F-3 PN/DP | ||
| Siemens SIPLUS CPU 1518-4 PN/DP Firmware | >=2.5<2.9.2 | |
| Siemens SIPLUS CPU 1518-4 PN/DP | ||
| Siemens SIPLUS CPU 1518F-4 PN/DP Firmware | >=2.5<2.9.2 | |
| Siemens SIPLUS CPU 1518F-4 PN/DP | ||
| Siemens CPU 1510SP-1 PN | >=2.5<2.9.2 | |
| Siemens CPU 1510SP-1 PN | ||
| Siemens SIPLUS CPU 1510SP F-1PN Firmware | >=2.5<2.9.2 | |
| Siemens CPU 1510SP F-1 | ||
| Siemens CPU 1511-1 PN Firmware | >=2.5<2.9.2 | |
| Siemens CPU 1511-1PN Firmware | ||
| Siemens CPU 1511C-1 PN | >=2.5<2.9.2 | |
| Siemens CPU 1511C-1 PN Firmware | ||
| Siemens CPU 1511F-1PN | >=2.5<2.9.2 | |
| Siemens SIPLUS CPU 1511F-1 PN | ||
| Siemens SIMATIC CPU 1511T-1 PN | >=2.5<2.9.2 | |
| Siemens SIMATIC CPU 1511T-1 PN | ||
| Siemens CPU 1511TF-1PN | >=2.5<2.9.2 | |
| Siemens CPU 1511TF-1PN Firmware | ||
| Siemens CPU 1512C-1 PN | >=2.5<2.9.2 | |
| Siemens CPU 1512C-1 PN | ||
| Siemens CPU 1512SP-1 PN | >=2.5<2.9.2 | |
| Siemens CPU 1512SP-1 PN Firmware | ||
| Siemens CPU 1512SP F-1 PN | >=2.5<2.9.2 | |
| Siemens CPU 1512SP F-1 PN Firmware | ||
| Siemens CPU 1513-1 PN | >=2.5<2.9.2 | |
| Siemens CPU 1513-1 PN Firmware | ||
| Siemens CPU 1513F-1 PN Firmware | >=2.5<2.9.2 | |
| Siemens CPU 1513F-1 PN Firmware | ||
| Siemens CPU 1513R-1 PN | >=2.5<2.9.2 | |
| Siemens CPU 1513R-1 PN | ||
| Siemens CPU 1513pro F-2 PN | >=2.5<2.9.2 | |
| Siemens Simatic S7-1500 CPU 1513pro F-2 PN | ||
| Siemens CPU 1515-2 | >=2.5<2.9.2 | |
| Siemens SIMATIC S7-1500 CPU 1515-2 | ||
| Siemens Simatic S7-1500 CPU 1515F-2 Firmware | >=2.5<2.9.2 | |
| Siemens CPU 1515F-2 Firmware | ||
| Siemens CPU 1515R-2 PN | >=2.5<2.9.2 | |
| Siemens SIMATIC S7-1500 CPU 1515R-2 PN | ||
| Siemens CPU 1515T-2 PN | >=2.5<2.9.2 | |
| Siemens CPU 1515T-2 PN | ||
| Siemens CPU 1515TF-2 PN | >=2.5<2.9.2 | |
| Siemens SIMATIC S7-1500 CPU 1515TF-2 PN | ||
| Siemens CPU 1516pro F-2 PN | >=2.5<2.9.2 | |
| Siemens Simatic S7-1500 CPU 1516pro F-2 PN | ||
| Siemens CPU 1516pro-2 PN | >=2.5<2.9.2 | |
| Siemens CPU 1516pro F-2 PN | ||
| Siemens CPU 1516-3 | >=2.5<2.9.2 | |
| Siemens SIMATIC S7-1500 CPU 1516-3 | ||
| Siemens SIMATIC S7-1500 CPU 1516F-3 Firmware | >=2.5<2.9.2. | |
| Siemens CPU 1516F-3 Firmware | ||
| Siemens CPU 1516T-3 PN/DP Firmware | >=2.5<2.9.2 | |
| siemens CPU 1516t-3 pn/dp | ||
| Siemens CPU 1516TF-3 PN/DP Firmware | >=2.5<2.9.2 | |
| Siemens CPU 1516TF-3 PN/DP | ||
| Siemens CPU 1517-3 PN/DP Firmware | >=2.5<2.9.2 | |
| Siemens CPU 1517-3 PN/DP | ||
| Siemens CPU 1517F-3 PN/DP Firmware | >=2.5<2.9.2 | |
| Siemens CPU 1517F-3 PN/DP | ||
| Siemens CPU 1517T-3 PN/DP Firmware | >=2.5<2.9.2 | |
| Siemens CPU 1517T-3 PN/DP | ||
| Siemens CPU 1517TF-3 PN/DP Firmware | >=2.5<2.9.2 | |
| Siemens CPU 1517TF-3 PN/DP | ||
| Siemens CPU 1518-4 PN/DP Firmware | >=2.5<2.9.2 | |
| Siemens SIMATIC S7-1500 CPU 1518-4 PN/DP | ||
| Siemens CPU 1518F-4 PN/DP Firmware | >=2.5<2.9.2 | |
| Siemens CPU 1518F-4 PN/DP |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2020-28397?
CVE-2020-28397 has been classified as a high-severity vulnerability affecting various Siemens Drive Controller products.
How do I fix CVE-2020-28397?
To fix CVE-2020-28397, update affected software to the versions specified in the Siemens security advisory.
What products are affected by CVE-2020-28397?
CVE-2020-28397 affects several Siemens products including the SIMATIC Drive Controller family and the SIMATIC ET 200SP Open Controller among others.
Is CVE-2020-28397 being exploited in the wild?
As of now, there is no public information indicating that CVE-2020-28397 is actively being exploited in the wild.
Can CVE-2020-28397 impact my operational technology systems?
Yes, CVE-2020-28397 can pose a significant risk to operational technology systems utilizing affected Siemens products.
- agent/type
- agent/weakness
- agent/remedy
- agent/severity
- agent/author
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/siemens
- canonical/siemens cpu 1504d tf firmware
- canonical/siemens cpu 1507d tf firmware
- canonical/siemens cpu 1515sp pc2 tf
- canonical/siemens simatic s7-1500 cpu 1515sp pc2 tf
- canonical/siemens simatic s7-plcsim advanced firmware
- version/siemens simatic s7-plcsim advanced firmware/2.0
- canonical/siemens simatic s7 plcsim advanced firmware
- canonical/siemens s7-1500 controller
- version/siemens s7-1500 controller/2.5
- canonical/siemens simatic tim 1531 irc firmware
- version/siemens simatic tim 1531 irc firmware/2.1
- canonical/siemens tim 1531 irc firmware
- canonical/siemens s7-1200 cpu 1211c firmware
- version/siemens s7-1200 cpu 1211c firmware/4.4
- canonical/siemens s7-1200 cpu 1211c
- canonical/siemens s7-1200 cpu 1212c firmware
- version/siemens s7-1200 cpu 1212c firmware/4.4
- canonical/siemens s7-1200 cpu 1212c
- canonical/siemens s7-1200 cpu 1212fc firmware
- version/siemens s7-1200 cpu 1212fc firmware/4.4
- canonical/siemens s7-1200 cpu 1212fc
- canonical/siemens s7-1200 cpu 1214fc firmware
- version/siemens s7-1200 cpu 1214fc firmware/4.4
- canonical/siemens cpu 1214fc firmware
- canonical/siemens cpu 1214c firmware
- version/siemens cpu 1214c firmware/4.4
- canonical/siemens simatic s7-1200 cpu 1214c
- canonical/siemens s7-1200 cpu 1215fc firmware
- version/siemens s7-1200 cpu 1215fc firmware/4.4
- canonical/siemens cpu 1215fc firmware
- canonical/siemens s7-1200 cpu 1215c firmware
- version/siemens s7-1200 cpu 1215c firmware/4.4
- canonical/siemens s7-1200 cpu 1215c
- canonical/siemens s7-1200 cpu 1217c firmware
- version/siemens s7-1200 cpu 1217c firmware/4.4
- canonical/siemens s7-1200 cpu 1217c
- canonical/siemens siplus et 200sp cpu 1510sp f-1 pn firmware
- version/siemens siplus et 200sp cpu 1510sp f-1 pn firmware/2.5
- canonical/siemens siplus cpu 1511f-1 pn firmware
- version/siemens siplus cpu 1511f-1 pn firmware/2.5
- canonical/siemens siplus cpu 1511f-1 pn
- version/siemens siplus cpu 1511f-1 pn/2.5
- canonical/siemens cpu 1511f-1pn
- canonical/siemens siplus cpu 1512sp-1 pn
- version/siemens siplus cpu 1512sp-1 pn/2.5
- canonical/siemens siplus cpu 1512sp-1 pn firmware
- canonical/siemens siplus et 200sp cpu 1512sp f-1 pn firmware
- version/siemens siplus et 200sp cpu 1512sp f-1 pn firmware/2.5
- canonical/siemens siplus cpu 1512sp f-1 pn
- canonical/siemens siplus cpu 1513f-1 pn firmware
- version/siemens siplus cpu 1513f-1 pn firmware/2.5
- canonical/siemens siplus cpu 1513-1 pn firmware
- canonical/siemens siplus s7-1500 cpu 1513f-1 pn firmware
- version/siemens siplus s7-1500 cpu 1513f-1 pn firmware/2.5
- canonical/siemens siplus cpu 1516-3 pn/dp firmware
- version/siemens siplus cpu 1516-3 pn/dp firmware/2.5
- canonical/siemens siplus cpu 1516-3 pn/dp
- canonical/siemens siplus cpu-1516f-3 pn/dp firmware
- version/siemens siplus cpu-1516f-3 pn/dp firmware/2.5
- canonical/siemens siplus cpu 1516f-3 pn/dp
- canonical/siemens siplus cpu 1518-4 pn/dp firmware
- version/siemens siplus cpu 1518-4 pn/dp firmware/2.5
- canonical/siemens siplus cpu 1518-4 pn/dp
- canonical/siemens siplus cpu 1518f-4 pn/dp firmware
- version/siemens siplus cpu 1518f-4 pn/dp firmware/2.5
- canonical/siemens siplus cpu 1518f-4 pn/dp
- canonical/siemens cpu 1510sp-1 pn
- version/siemens cpu 1510sp-1 pn/2.5
- canonical/siemens siplus cpu 1510sp f-1pn firmware
- version/siemens siplus cpu 1510sp f-1pn firmware/2.5
- canonical/siemens cpu 1510sp f-1
- canonical/siemens cpu 1511-1 pn firmware
- version/siemens cpu 1511-1 pn firmware/2.5
- canonical/siemens cpu 1511-1pn firmware
- canonical/siemens cpu 1511c-1 pn
- version/siemens cpu 1511c-1 pn/2.5
- canonical/siemens cpu 1511c-1 pn firmware
- version/siemens cpu 1511f-1pn/2.5
- canonical/siemens simatic cpu 1511t-1 pn
- version/siemens simatic cpu 1511t-1 pn/2.5
- canonical/siemens cpu 1511tf-1pn
- version/siemens cpu 1511tf-1pn/2.5
- canonical/siemens cpu 1511tf-1pn firmware
- canonical/siemens cpu 1512c-1 pn
- version/siemens cpu 1512c-1 pn/2.5
- canonical/siemens cpu 1512sp-1 pn
- version/siemens cpu 1512sp-1 pn/2.5
- canonical/siemens cpu 1512sp-1 pn firmware
- canonical/siemens cpu 1512sp f-1 pn
- version/siemens cpu 1512sp f-1 pn/2.5
- canonical/siemens cpu 1512sp f-1 pn firmware
- canonical/siemens cpu 1513-1 pn
- version/siemens cpu 1513-1 pn/2.5
- canonical/siemens cpu 1513-1 pn firmware
- canonical/siemens cpu 1513f-1 pn firmware
- version/siemens cpu 1513f-1 pn firmware/2.5
- canonical/siemens cpu 1513r-1 pn
- version/siemens cpu 1513r-1 pn/2.5
- canonical/siemens cpu 1513pro f-2 pn
- version/siemens cpu 1513pro f-2 pn/2.5
- canonical/siemens simatic s7-1500 cpu 1513pro f-2 pn
- canonical/siemens cpu 1515-2
- version/siemens cpu 1515-2/2.5
- canonical/siemens simatic s7-1500 cpu 1515-2
- canonical/siemens simatic s7-1500 cpu 1515f-2 firmware
- version/siemens simatic s7-1500 cpu 1515f-2 firmware/2.5
- canonical/siemens cpu 1515f-2 firmware
- canonical/siemens cpu 1515r-2 pn
- version/siemens cpu 1515r-2 pn/2.5
- canonical/siemens simatic s7-1500 cpu 1515r-2 pn
- canonical/siemens cpu 1515t-2 pn
- version/siemens cpu 1515t-2 pn/2.5
- canonical/siemens cpu 1515tf-2 pn
- version/siemens cpu 1515tf-2 pn/2.5
- canonical/siemens simatic s7-1500 cpu 1515tf-2 pn
- canonical/siemens cpu 1516pro f-2 pn
- version/siemens cpu 1516pro f-2 pn/2.5
- canonical/siemens simatic s7-1500 cpu 1516pro f-2 pn
- canonical/siemens cpu 1516pro-2 pn
- version/siemens cpu 1516pro-2 pn/2.5
- canonical/siemens cpu 1516-3
- version/siemens cpu 1516-3/2.5
- canonical/siemens simatic s7-1500 cpu 1516-3
- canonical/siemens simatic s7-1500 cpu 1516f-3 firmware
- version/siemens simatic s7-1500 cpu 1516f-3 firmware/2.5
- canonical/siemens cpu 1516f-3 firmware
- canonical/siemens cpu 1516t-3 pn/dp firmware
- version/siemens cpu 1516t-3 pn/dp firmware/2.5
- canonical/siemens cpu 1516t-3 pn/dp
- canonical/siemens cpu 1516tf-3 pn/dp firmware
- version/siemens cpu 1516tf-3 pn/dp firmware/2.5
- canonical/siemens cpu 1516tf-3 pn/dp
- canonical/siemens cpu 1517-3 pn/dp firmware
- version/siemens cpu 1517-3 pn/dp firmware/2.5
- canonical/siemens cpu 1517-3 pn/dp
- canonical/siemens cpu 1517f-3 pn/dp firmware
- version/siemens cpu 1517f-3 pn/dp firmware/2.5
- canonical/siemens cpu 1517f-3 pn/dp
- canonical/siemens cpu 1517t-3 pn/dp firmware
- version/siemens cpu 1517t-3 pn/dp firmware/2.5
- canonical/siemens cpu 1517t-3 pn/dp
- canonical/siemens cpu 1517tf-3 pn/dp firmware
- version/siemens cpu 1517tf-3 pn/dp firmware/2.5
- canonical/siemens cpu 1517tf-3 pn/dp
- canonical/siemens cpu 1518-4 pn/dp firmware
- version/siemens cpu 1518-4 pn/dp firmware/2.5
- canonical/siemens simatic s7-1500 cpu 1518-4 pn/dp
- canonical/siemens cpu 1518f-4 pn/dp firmware
- version/siemens cpu 1518f-4 pn/dp firmware/2.5
- canonical/siemens cpu 1518f-4 pn/dp