medium
5.3
CWE
863
Advisory Published
Updated

CVE-2020-28397

First published: Tue Aug 10 2021(Updated: )

A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7 PLCSIM Advanced (All versions > V2 < V4), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (Version V4.4), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions > V2.5 < V2.9.2), SIMATIC S7-1500 Software Controller (All versions > V2.5 < V21.9), TIM 1531 IRC (incl. SIPLUS NET variants) (Version V2.1). Due to an incorrect authorization check in the affected component, an attacker could extract information about access protected PLC program variables over port 102/tcp from an affected device when reading multiple attributes at once.

Credit: productcert@siemens.com

Affected SoftwareAffected VersionHow to fix
Siemens Cpu 1504d Tf Firmware<2.9.2
Siemens Cpu 1504d Tf
Siemens Cpu 1507d Tf Firmware<2.9.2
Siemens Cpu 1507d Tf
Siemens Cpu 1515sp Pc2 Tf Firmware<21.9
Siemens Cpu 1515sp Pc2 Tf
Siemens Simatic S7 Plcsim Advanced Firmware>=2.0<4.0
Siemens Simatic S7 Plcsim Advanced
Siemens SIMATIC S7-1500 Software Controller>=2.5<21.9
Siemens Tim 1531 Irc Firmware=2.1
Siemens Tim 1531 Irc
Siemens Cpu 1211c Firmware=4.4
Siemens Cpu 1211c
Siemens Cpu 1212c Firmware=4.4
Siemens Cpu 1212c
Siemens Cpu 1212fc Firmware=4.4
Siemens Cpu 1212fc
Siemens Cpu 1214fc Firmware=4.4
Siemens Cpu 1214fc
Siemens Cpu 1214c Firmware=4.4
Siemens Cpu 1214c
Siemens Cpu 1215fc Firmware=4.4
Siemens Cpu 1215fc
Siemens Cpu 1215c Firmware=4.4
Siemens Cpu 1215c
Siemens Cpu 1217c Firmware=4.4
Siemens Cpu 1217c
Siemens Siplus Cpu 1510sp F-1pn Firmware>=2.5<2.9.2
Siemens Siplus Cpu 1510sp F-1pn
Siemens Siplus Cpu 1511-1 Pn Firmware>=2.5<2.9.2
Siemens Siplus Cpu 1511-1 Pn
Siemens Siplus Cpu 1511f-1 Pn Firmware>=2.5<2.9.2
Siemens Siplus Cpu 1511f-1 Pn
Siemens Siplus Cpu 1512sp-1 Pn Firmware>=2.5<2.9.2
Siemens Siplus Cpu 1512sp-1 Pn
Siemens Siplus Cpu 1512sp F-1pn Firmware>=2.5<2.9.2
Siemens Siplus Cpu 1512sp F-1pn
Siemens Siplus Cpu 1513-1 Pn Firmware>=2.5<2.9.2
Siemens Siplus Cpu 1513-1 Pn
Siemens Siplus Cpu 1513f-1 Pn Firmware>=2.5<2.9.2
Siemens Siplus Cpu 1513f-1 Pn
Siemens Siplus Cpu 1516-3 Pn\/dp Firmware>=2.5<2.9.2
Siemens Siplus Cpu 1516-3 Pn\/dp
Siemens Siplus Cpu-1516f-3 Pn\/dp Firmware>=2.5<2.9.2
Siemens Siplus Cpu-1516f-3 Pn\/dp
Siemens Siplus Cpu 1518-4 Pn\/dp Firmware>=2.5<2.9.2
Siemens Siplus Cpu 1518-4 Pn\/dp
Siemens Siplus Cpu 1518f-4 Pn\/dp Firmware>=2.5<2.9.2
Siemens Siplus Cpu 1518f-4 Pn\/dp
Siemens Cpu 1510sp-1pn Firmware>=2.5<2.9.2
Siemens Cpu 1510sp-1pn
Siemens Cpu1510sp F-1 Firmware>=2.5<2.9.2
Siemens Cpu1510sp F-1
Siemens Cpu 1511-1pn Firmware>=2.5<2.9.2
Siemens Cpu 1511-1pn
Siemens Cpu 1511c-1 Pn Firmware>=2.5<2.9.2
Siemens Cpu 1511c-1 Pn
Siemens Cpu 1511f-1pn Firmware>=2.5<2.9.2
Siemens Cpu 1511f-1pn
Siemens Cpu 1511t-1pn Firmware>=2.5<2.9.2
Siemens Cpu 1511t-1pn
Siemens Cpu 1511tf-1pn Firmware>=2.5<2.9.2
Siemens Cpu 1511tf-1pn
Siemens Cpu 1512c-1 Pn Firmware>=2.5<2.9.2
Siemens Cpu 1512c-1 Pn
Siemens Cpu 1512sp-1 Pn Firmware>=2.5<2.9.2
Siemens Cpu 1512sp-1 Pn
Siemens Cpu 1512sp F-1 Pn Firmware>=2.5<2.9.2
Siemens Cpu 1512sp F-1 Pn
Siemens Cpu 1513-1 Pn Firmware>=2.5<2.9.2
Siemens Cpu 1513-1 Pn
Siemens Cpu 1513f-1 Pn Firmware>=2.5<2.9.2
Siemens Cpu 1513f-1 Pn
Siemens Cpu 1513r-1 Pn Firmware>=2.5<2.9.2
Siemens Cpu 1513r-1 Pn
Siemens Cpu 1513pro F-2 Pn Firmware>=2.5<2.9.2
Siemens Cpu 1513pro F-2 Pn
Siemens Cpu 1515-2 Firmware>=2.5<2.9.2
Siemens Cpu 1515-2
Siemens Cpu 1515f-2 Firmware>=2.5<2.9.2
Siemens Cpu 1515f-2
Siemens Cpu 1515r-2 Pn Firmware>=2.5<2.9.2
Siemens Cpu 1515r-2 Pn
Siemens Cpu 1515t-2 Pn Firmware>=2.5<2.9.2
Siemens Cpu 1515t-2 Pn
Siemens Cpu 1515tf-2 Pn Firmware>=2.5<2.9.2
Siemens Cpu 1515tf-2 Pn
Siemens Cpu 1516pro F-2 Pn Firmware>=2.5<2.9.2
Siemens Cpu 1516pro F-2 Pn
Siemens Cpu 1516pro-2 Pn Firmware>=2.5<2.9.2
Siemens Cpu 1516pro-2 Pn
Siemens Cpu 1516-3 Firmware>=2.5<2.9.2
Siemens Cpu 1516-3
Siemens Cpu 1516f-3 Firmware>=2.5<2.9.2.
Siemens Cpu 1516f-3
Siemens Cpu 1516t-3 Pn\/dp Firmware>=2.5<2.9.2
Siemens Cpu 1516t-3 Pn\/dp
Siemens Cpu 1516tf-3 Pn\/dp Firmware>=2.5<2.9.2
Siemens Cpu 1516tf-3 Pn\/dp
Siemens Cpu 1517-3 Pn\/dp Firmware>=2.5<2.9.2
Siemens Cpu 1517-3 Pn\/dp
Siemens Cpu 1517f-3 Pn\/dp Firmware>=2.5<2.9.2
Siemens Cpu 1517f-3 Pn\/dp
Siemens Cpu 1517t-3 Pn\/dp Firmware>=2.5<2.9.2
Siemens Cpu 1517t-3 Pn\/dp
Siemens Cpu 1517tf-3 Pn\/dp Firmware>=2.5<2.9.2
Siemens Cpu 1517tf-3 Pn\/dp
Siemens Cpu 1518-4 Pn\/dp Firmware>=2.5<2.9.2
Siemens Cpu 1518-4 Pn\/dp
Siemens Cpu 1518f-4 Pn\/dp Firmware>=2.5<2.9.2
Siemens Cpu 1518f-4 Pn\/dp

Remedy

https://cert-portal.siemens.com/productcert/pdf/ssa-865327.pdf

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203