Unrated severityNVD Advisory· Published Dec 7, 2013· Updated Apr 29, 2026

CVE-2013-6920

Description

Siemens SINAMICS S/G controllers with firmware before 4.6.11 do not require authentication for FTP and TELNET sessions, which allows remote attackers to bypass intended access restrictions via TCP traffic to port (1) 21 or (2) 23.

Affected products

Siemens Foundation/Sinamics S\/g Family Firmware
cpe:2.3:o:siemens:sinamics_s\/g_family_firmware:*:*:*:*:*:*:*:*
Range: <=4.6
Siemens Foundation/Sinamics G110
cpe:2.3:h:siemens:sinamics_g110:-:*:*:*:*:*:*:*
Siemens Foundation/Sinamics G110d
cpe:2.3:h:siemens:sinamics_g110d:-:*:*:*:*:*:*:*
Siemens Foundation/Sinamics G120
cpe:2.3:h:siemens:sinamics_g120:-:*:*:*:*:*:*:*
Siemens Foundation/Sinamics G120c
cpe:2.3:h:siemens:sinamics_g120c:-:*:*:*:*:*:*:*
Siemens Foundation/Sinamics G120d
cpe:2.3:h:siemens:sinamics_g120d:-:*:*:*:*:*:*:*
Siemens Foundation/Sinamics G120p
cpe:2.3:h:siemens:sinamics_g120p:-:*:*:*:*:*:*:*
Siemens Foundation/Sinamics G130
cpe:2.3:h:siemens:sinamics_g130:-:*:*:*:*:*:*:*
Siemens Foundation/Sinamics G150
cpe:2.3:h:siemens:sinamics_g150:-:*:*:*:*:*:*:*
Siemens Foundation/Sinamics G180
cpe:2.3:h:siemens:sinamics_g180:-:*:*:*:*:*:*:*
Siemens Foundation/Sinamics S110
cpe:2.3:h:siemens:sinamics_s110:-:*:*:*:*:*:*:*
Siemens Foundation/Sinamics S120
cpe:2.3:h:siemens:sinamics_s120:-:*:*:*:*:*:*:*
Siemens Foundation/Sinamics S120cm
cpe:2.3:h:siemens:sinamics_s120cm:-:*:*:*:*:*:*:*
Siemens Foundation/Sinamics S150
cpe:2.3:h:siemens:sinamics_s150:-:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-742938.pdfnvdVendor Advisory
ics-cert.us-cert.gov/advisories/ICSA-13-338-01nvdUS Government Resource
cert-portal.siemens.com/productcert/pdf/ssa-742938.pdfnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000