Medium severity6.5NVD Advisory· Published Sep 9, 2020· Updated Jun 17, 2026
CVE-2020-15791
CVE-2020-15791
Description
A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions), SINUMERIK 840D sl (All versions). The authentication protocol between a client and a PLC via port 102/tcp (ISO-TSAP) insufficiently protects the transmitted password. This could allow an attacker that is able to intercept the network traffic to obtain valid PLC credentials.
Affected products
21cpe:2.3:o:siemens:simatic_s7-300_cpu_312_firmware:*:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:o:siemens:simatic_s7-300_cpu_312_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-300_cpu_314_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-300_cpu_315-2_dp_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-300_cpu_315-2_pn_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-300_cpu_315f-2_pn_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-300_cpu_317-2_pn_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-300_cpu_315f-2_dp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_s7-300_cpu_317-2_dp_firmware:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:siemens:simatic_s7-300_cpu_317-2_dp_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-300_cpu_317f-2_dp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_s7-300_cpu_317f-2_pn_firmware:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:siemens:simatic_s7-300_cpu_317f-2_pn_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-400_cpu_416_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-400_cpu_417_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-400_cpu_412_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-400_cpu_414_firmware:*:*:*:*:*:*:*:*
- Range: All versions
- Range: All versions
2010+ 1 more
- (no CPE)range: 2010
- (no CPE)range: All versions
- Siemens Foundation/SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)cpe-rescueRange: All versions
- Range: All versions
- Range: All versions
Patches
Vulnerability mechanics
References
1- cert-portal.siemens.com/productcert/pdf/ssa-381684.pdfnvdVendor Advisory
News mentions
0No linked articles in our index yet.