CVE-2020-15782
Description
A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions < V21.9), SIMATIC S7-PLCSIM Advanced (All versions < V4.0), SINAMICS PERFECT HARMONY GH180 Drives (Drives manufactured before 2021-08-13), SINUMERIK MC (All versions < V6.15), SINUMERIK ONE (All versions < V6.15). Affected devices are vulnerable to a memory protection bypass through a specific operation. A remote unauthenticated attacker with network access to port 102/tcp could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks.
Affected products
24cpe:2.3:a:siemens:simatic_s7-1500__software_controller:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:siemens:simatic_s7-1500__software_controller:*:*:*:*:*:*:*:*
- (no CPE)range: < V21.9
- (no CPE)range: All versions < V21.9
cpe:2.3:a:siemens:simatic_s7-plcsim_advanced:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:siemens:simatic_s7-plcsim_advanced:*:*:*:*:*:*:*:*range: <4.0
- (no CPE)range: < V4.0
- cpe:2.3:o:siemens:et_200sp_open_controller_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:s7-1200_cpu_firmware:*:*:*:*:*:*:*:*Range: <4.5.0
- cpe:2.3:o:siemens:s7-1500_cpu_firmware:*:*:*:*:*:*:*:*Range: <2.9.2
cpe:2.3:o:siemens:simatic_driver_controller_firmware:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:siemens:simatic_driver_controller_firmware:*:*:*:*:*:*:*:*range: <2.9.2
- (no CPE)range: < V2.9.2
- (no CPE)range: All versions < V2.9.2
manufactured before 2021-08-13+ 1 more
- (no CPE)range: manufactured before 2021-08-13
- (no CPE)range: Drives manufactured before 2021-08-13
- Range: < V6.15
- Range: < V4.5.0
- Range: All versions
< V6.15+ 2 more
- (no CPE)range: < V6.15
- (no CPE)range: All versions < V6.15
- (no CPE)range: All versions < V6.15
- Siemens Foundation/SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)cpe-rescue2 versions
All versions < V21.9+ 1 more
- (no CPE)range: All versions < V21.9
- (no CPE)range: All versions
- Range: All versions < V4.5.0
- Siemens Foundation/SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)cpe-rescueRange: All versions < V2.9.2
- Range: All versions < V4.0
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.