Unrated severityNVD Advisory· Published Sep 9, 2020· Updated Aug 4, 2024

CVE-2020-15791

Description

A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions), SINUMERIK 840D sl (All versions). The authentication protocol between a client and a PLC via port 102/tcp (ISO-TSAP) insufficiently protects the transmitted password. This could allow an attacker that is able to intercept the network traffic to obtain valid PLC credentials.

Affected products

Siemens Foundation/Simatic Winac Rtx F 2010llm-fuzzy2 versions
all versions+ 1 more
- (no CPE)range: all versions
- (no CPE)range: All versions
Siemens Foundation/SIMATIC S7-300 PN/DP CPU familyllm-fuzzy
Range: all versions
Siemens Foundation/SIMATIC S7-400 CPU familyllm-fuzzy
Range: all versions
Siemens Foundation/SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)cpe-rescue
Range: All versions
Siemens Foundation/SIMATIC S7-1200 CPU family (incl. SIPLUS variants)cpe-rescue
Range: All versions
Siemens Foundation/Sinumerik 840d Sl Firmwarecpe-rescue
Range: All versions

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

cert-portal.siemens.com/productcert/pdf/ssa-381684.pdfmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000