Lucene search

SiemensCVE-2020-15782

HistoryMay 28, 2021 - 4:15 p.m.

CVE-2020-15782

2021-05-2816:15:07

CWE-119

siemens

web.nvd.nist.gov

208

cve-2020-15782

vulnerability

simatic drive controller

simatic et 200sp open controller

simatic s7-1200

simatic s7-1500

simatic s7-plcsim advanced

sinamics perfect harmony gh180 drives

sinumerik mc

sinumerik one

memory protection bypass

network security

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.005

Percentile

77.0%

JSON

A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions < V21.9), SIMATIC S7-PLCSIM Advanced (All versions < V4.0), SINAMICS PERFECT HARMONY GH180 Drives (Drives manufactured before 2021-08-13), SINUMERIK MC (All versions < V6.15), SINUMERIK ONE (All versions < V6.15). Affected devices are vulnerable to a memory protection bypass through a specific operation. A remote unauthenticated attacker with network access to port 102/tcp could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks.

Affected configurations

Nvd

Node

siemenscpu_1504d_tfMatch-

siemenscpu_1507d_tfMatch-

AND

siemenssimatic_driver_controller_firmwareRange<2.9.2

Node

siemenscpu_1211cMatch-

siemenscpu_1212cMatch-

siemenscpu_1212fcMatch-

siemenscpu_1214cMatch-

siemenscpu_1214fcMatch-

siemenscpu_1215cMatch-

siemenscpu_1215fcMatch-

siemenscpu_1217cMatch-

AND

siemenss7-1200_cpu_firmwareRange<4.5.0

Node

siemens6es7510-1dj01-0ab0Match-

siemens6es7510-1sj01-0ab0Match-

siemens6es7511-1ak01-0ab0Match-

siemens6es7511-1ak02-0ab0Match-

siemens6es7511-1ck00-0ab0Match-

siemens6es7511-1ck01-0ab0Match-

siemens6es7511-1fk01-0ab0Match-

siemens6es7511-1fk02-0ab0Match-

siemens6es7511-1tk01-0ab0Match-

siemens6es7511-1uk01-0ab0Match-

siemens6es7512-1ck00-0ab0Match-

siemens6es7512-1ck01-0ab0Match-

siemens6es7512-1dk01-0ab0Match-

siemens6es7512-1sk01-0ab0Match-

siemens6es7513-1al01-0ab0Match-

siemens6es7513-1al02-0ab0Match-

siemens6es7513-1fl01-0ab0Match-

siemens6es7513-1fl02-0ab0Match-

siemens6es7513-1rl00-0ab0Match-

siemens6es7513-2gl00-0ab0Match-

siemens6es7513-2pl00-0ab0Match-

siemens6es7515-2am01-0ab0Match-

siemens6es7515-2am02-0ab0Match-

siemens6es7515-2fm01-0ab0Match-

siemens6es7515-2fm02-0ab0Match-

siemens6es7515-2rm00-0ab0Match-

siemens6es7515-2tm01-0ab0Match-

siemens6es7515-2um01-0ab0Match-

siemens6es7516-2gn00-0ab0Match-

siemens6es7516-2pn00-0ab0Match-

siemens6es7516-3an01-0ab0Match-

siemens6es7516-3an02-0ab0Match-

siemens6es7516-3fn01-0ab0Match-

siemens6es7516-3fn02-0ab0Match-

siemens6es7516-3tn00-0ab0Match-

siemens6es7516-3un00-0ab0Match-

siemens6es7517-3ap00-0ab0Match-

siemens6es7517-3fp00-0ab0Match-

siemens6es7517-3hp00-0ab0Match-

siemens6es7517-3tp00-0ab0Match-

siemens6es7517-3up00-0ab0Match-

siemens6es7518-4ap00-0ab0Match-

siemens6es7518-4ap00-3ab0Match-

siemens6es7518-4fp00-0ab0Match-

siemens6es7518-4fp00-3ab0Match-

AND

siemenss7-1500_cpu_firmwareRange<2.9.2

Node

siemenssimatic_s7-1500__software_controller

siemenssimatic_s7-plcsim_advancedRange<4.0

Node

siemenscpu_1515sp_pcMatch-

siemenscpu_1515sp_pc2Match-

AND

siemenset_200sp_open_controller_firmware

VendorProductVersionCPE
siemenscpu_1504d_tf-cpe:2.3:h:siemens:cpu_1504d_tf:-:*:*:*:*:*:*:*
siemenscpu_1507d_tf-cpe:2.3:h:siemens:cpu_1507d_tf:-:*:*:*:*:*:*:*
siemenssimatic_driver_controller_firmware*cpe:2.3:o:siemens:simatic_driver_controller_firmware:*:*:*:*:*:*:*:*
siemenscpu_1211c-cpe:2.3:h:siemens:cpu_1211c:-:*:*:*:*:*:*:*
siemenscpu_1212c-cpe:2.3:h:siemens:cpu_1212c:-:*:*:*:*:*:*:*
siemenscpu_1212fc-cpe:2.3:h:siemens:cpu_1212fc:-:*:*:*:*:*:*:*
siemenscpu_1214c-cpe:2.3:h:siemens:cpu_1214c:-:*:*:*:*:*:*:*
siemenscpu_1214fc-cpe:2.3:h:siemens:cpu_1214fc:-:*:*:*:*:*:*:*
siemenscpu_1215c-cpe:2.3:h:siemens:cpu_1215c:-:*:*:*:*:*:*:*
siemenscpu_1215fc-cpe:2.3:h:siemens:cpu_1215fc:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	cpu_1504d_tf	-	cpe:2.3:h:siemens:cpu_1504d_tf:-:::::::*
siemens	cpu_1507d_tf	-	cpe:2.3:h:siemens:cpu_1507d_tf:-:::::::*
siemens	simatic_driver_controller_firmware	*	cpe:2.3:o:siemens:simatic_driver_controller_firmware::::::::
siemens	cpu_1211c	-	cpe:2.3:h:siemens:cpu_1211c:-:::::::*
siemens	cpu_1212c	-	cpe:2.3:h:siemens:cpu_1212c:-:::::::*
siemens	cpu_1212fc	-	cpe:2.3:h:siemens:cpu_1212fc:-:::::::*
siemens	cpu_1214c	-	cpe:2.3:h:siemens:cpu_1214c:-:::::::*
siemens	cpu_1214fc	-	cpe:2.3:h:siemens:cpu_1214fc:-:::::::*
siemens	cpu_1215c	-	cpe:2.3:h:siemens:cpu_1215c:-:::::::*
siemens	cpu_1215fc	-	cpe:2.3:h:siemens:cpu_1215fc:-:::::::*

Rows per page:

1-10 of 631

CNA Affected

[
  {
    "product": "SIMATIC Drive Controller family",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V2.9.2"
      }
    ]
  },
  {
    "product": "SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V21.9"
      }
    ]
  },
  {
    "product": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V4.5.0"
      }
    ]
  },
  {
    "product": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V2.9.2"
      }
    ]
  },
  {
    "product": "SIMATIC S7-1500 Software Controller",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V21.9"
      }
    ]
  },
  {
    "product": "SIMATIC S7-PLCSIM Advanced",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V4.0"
      }
    ]
  },
  {
    "product": "SINAMICS PERFECT HARMONY GH180 Drives",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "Drives manufactured before 2021-08-13"
      }
    ]
  },
  {
    "product": "SINUMERIK MC",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V6.15"
      }
    ]
  },
  {
    "product": "SINUMERIK ONE",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V6.15"
      }
    ]
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-434534.pdf

cert-portal.siemens.com/productcert/pdf/ssa-434535.pdf

cert-portal.siemens.com/productcert/pdf/ssa-434536.pdf

Social References

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.005

Percentile

77.0%

JSON

Related for CVE-2020-15782