Lucene search

[email protected]NVD:CVE-2020-15782

HistoryMay 28, 2021 - 4:15 p.m.

CVE-2020-15782

2021-05-2816:15:07

CWE-119

[email protected]

web.nvd.nist.gov

vulnerability

siemens

industrial controllers

memory protection bypass

remote attack

network access

port 102/tcp

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.005

Percentile

77.0%

JSON

A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions < V21.9), SIMATIC S7-PLCSIM Advanced (All versions < V4.0), SINAMICS PERFECT HARMONY GH180 Drives (Drives manufactured before 2021-08-13), SINUMERIK MC (All versions < V6.15), SINUMERIK ONE (All versions < V6.15). Affected devices are vulnerable to a memory protection bypass through a specific operation. A remote unauthenticated attacker with network access to port 102/tcp could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks.

Affected configurations

Nvd

Node

siemenscpu_1504d_tfMatch-

siemenscpu_1507d_tfMatch-

AND

siemenssimatic_driver_controller_firmwareRange<2.9.2

Node

siemenscpu_1211cMatch-

siemenscpu_1212cMatch-

siemenscpu_1212fcMatch-

siemenscpu_1214cMatch-

siemenscpu_1214fcMatch-

siemenscpu_1215cMatch-

siemenscpu_1215fcMatch-

siemenscpu_1217cMatch-

AND

siemenss7-1200_cpu_firmwareRange<4.5.0

Node

siemens6es7510-1dj01-0ab0Match-

siemens6es7510-1sj01-0ab0Match-

siemens6es7511-1ak01-0ab0Match-

siemens6es7511-1ak02-0ab0Match-

siemens6es7511-1ck00-0ab0Match-

siemens6es7511-1ck01-0ab0Match-

siemens6es7511-1fk01-0ab0Match-

siemens6es7511-1fk02-0ab0Match-

siemens6es7511-1tk01-0ab0Match-

siemens6es7511-1uk01-0ab0Match-

siemens6es7512-1ck00-0ab0Match-

siemens6es7512-1ck01-0ab0Match-

siemens6es7512-1dk01-0ab0Match-

siemens6es7512-1sk01-0ab0Match-

siemens6es7513-1al01-0ab0Match-

siemens6es7513-1al02-0ab0Match-

siemens6es7513-1fl01-0ab0Match-

siemens6es7513-1fl02-0ab0Match-

siemens6es7513-1rl00-0ab0Match-

siemens6es7513-2gl00-0ab0Match-

siemens6es7513-2pl00-0ab0Match-

siemens6es7515-2am01-0ab0Match-

siemens6es7515-2am02-0ab0Match-

siemens6es7515-2fm01-0ab0Match-

siemens6es7515-2fm02-0ab0Match-

siemens6es7515-2rm00-0ab0Match-

siemens6es7515-2tm01-0ab0Match-

siemens6es7515-2um01-0ab0Match-

siemens6es7516-2gn00-0ab0Match-

siemens6es7516-2pn00-0ab0Match-

siemens6es7516-3an01-0ab0Match-

siemens6es7516-3an02-0ab0Match-

siemens6es7516-3fn01-0ab0Match-

siemens6es7516-3fn02-0ab0Match-

siemens6es7516-3tn00-0ab0Match-

siemens6es7516-3un00-0ab0Match-

siemens6es7517-3ap00-0ab0Match-

siemens6es7517-3fp00-0ab0Match-

siemens6es7517-3hp00-0ab0Match-

siemens6es7517-3tp00-0ab0Match-

siemens6es7517-3up00-0ab0Match-

siemens6es7518-4ap00-0ab0Match-

siemens6es7518-4ap00-3ab0Match-

siemens6es7518-4fp00-0ab0Match-

siemens6es7518-4fp00-3ab0Match-

AND

siemenss7-1500_cpu_firmwareRange<2.9.2

Node

siemenssimatic_s7-1500__software_controller

siemenssimatic_s7-plcsim_advancedRange<4.0

Node

siemenscpu_1515sp_pcMatch-

siemenscpu_1515sp_pc2Match-

AND

siemenset_200sp_open_controller_firmware

VendorProductVersionCPE
siemenscpu_1504d_tf-cpe:2.3:h:siemens:cpu_1504d_tf:-:*:*:*:*:*:*:*
siemenscpu_1507d_tf-cpe:2.3:h:siemens:cpu_1507d_tf:-:*:*:*:*:*:*:*
siemenssimatic_driver_controller_firmware*cpe:2.3:o:siemens:simatic_driver_controller_firmware:*:*:*:*:*:*:*:*
siemenscpu_1211c-cpe:2.3:h:siemens:cpu_1211c:-:*:*:*:*:*:*:*
siemenscpu_1212c-cpe:2.3:h:siemens:cpu_1212c:-:*:*:*:*:*:*:*
siemenscpu_1212fc-cpe:2.3:h:siemens:cpu_1212fc:-:*:*:*:*:*:*:*
siemenscpu_1214c-cpe:2.3:h:siemens:cpu_1214c:-:*:*:*:*:*:*:*
siemenscpu_1214fc-cpe:2.3:h:siemens:cpu_1214fc:-:*:*:*:*:*:*:*
siemenscpu_1215c-cpe:2.3:h:siemens:cpu_1215c:-:*:*:*:*:*:*:*
siemenscpu_1215fc-cpe:2.3:h:siemens:cpu_1215fc:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	cpu_1504d_tf	-	cpe:2.3:h:siemens:cpu_1504d_tf:-:::::::*
siemens	cpu_1507d_tf	-	cpe:2.3:h:siemens:cpu_1507d_tf:-:::::::*
siemens	simatic_driver_controller_firmware	*	cpe:2.3:o:siemens:simatic_driver_controller_firmware::::::::
siemens	cpu_1211c	-	cpe:2.3:h:siemens:cpu_1211c:-:::::::*
siemens	cpu_1212c	-	cpe:2.3:h:siemens:cpu_1212c:-:::::::*
siemens	cpu_1212fc	-	cpe:2.3:h:siemens:cpu_1212fc:-:::::::*
siemens	cpu_1214c	-	cpe:2.3:h:siemens:cpu_1214c:-:::::::*
siemens	cpu_1214fc	-	cpe:2.3:h:siemens:cpu_1214fc:-:::::::*
siemens	cpu_1215c	-	cpe:2.3:h:siemens:cpu_1215c:-:::::::*
siemens	cpu_1215fc	-	cpe:2.3:h:siemens:cpu_1215fc:-:::::::*

Rows per page:

1-10 of 631

References

cert-portal.siemens.com/productcert/pdf/ssa-434534.pdf

cert-portal.siemens.com/productcert/pdf/ssa-434535.pdf

cert-portal.siemens.com/productcert/pdf/ssa-434536.pdf

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.005

Percentile

77.0%

JSON

Related for NVD:CVE-2020-15782

nessus2 ics3 prion1 cve1 thn3 cvelist1