CVE-2020-15798

EPSS 1.18%
Published 09.02.2021 17:15:13
Last modified 21.11.2024 05:06:12
Source productcert@siemens.com
Teams watchlist Login
Open Login

A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions < V16 Update 3a), SIMATIC HMI KTP Mobile Panels (All versions < V16 Update 3a), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). Affected devices with enabled telnet service do not require authentication for this service. This could allow a remote attacker to gain full access to the device. (ZDI-CAN-12046)

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Siemens ≫ Simatic Hmi Comfort Panels Firmware Version < 16.0

Siemens ≫ Simatic Hmi Comfort Panels Version-

Siemens ≫ Simatic Hmi Comfort Panels Firmware Version16.0 Update-

Siemens ≫ Simatic Hmi Comfort Panels Version-

Siemens ≫ Simatic Hmi Comfort Panels Firmware Version16.0 Updateupdate1

Siemens ≫ Simatic Hmi Comfort Panels Version-

Siemens ≫ Simatic Hmi Comfort Panels Firmware Version16.0 Updateupdate2

Siemens ≫ Simatic Hmi Comfort Panels Version-

Siemens ≫ Simatic Hmi Comfort Panels Firmware Version16.0 Updateupdate3

Siemens ≫ Simatic Hmi Comfort Panels Version-

Siemens ≫ Simatic Hmi Ktp Mobile Panels Firmware Version < 16.0

Siemens ≫ Simatic Hmi Ktp Mobile Panels Version-

Siemens ≫ Simatic Hmi Ktp Mobile Panels Firmware Version16.0 Update-

Siemens ≫ Simatic Hmi Ktp Mobile Panels Version-

Siemens ≫ Simatic Hmi Ktp Mobile Panels Firmware Version16.0 Updateupdate1

Siemens ≫ Simatic Hmi Ktp Mobile Panels Version-

Siemens ≫ Simatic Hmi Ktp Mobile Panels Firmware Version16.0 Updateupdate2

Siemens ≫ Simatic Hmi Ktp Mobile Panels Version-

Siemens ≫ Simatic Hmi Ktp Mobile Panels Firmware Version16.0 Updateupdate3

Siemens ≫ Simatic Hmi Ktp Mobile Panels Version-

Siemens ≫ Sinamics Gh150 Firmware Version-

Siemens ≫ Sinamics Gh150 Version-

Siemens ≫ Sinamics Gl150 Firmware Version-

Siemens ≫ Sinamics Gl150 Version-

Siemens ≫ Sinamics Gm150 Firmware Version-

Siemens ≫ Sinamics Gm150 Version-

Siemens ≫ Sinamics Sh150 Firmware Version-

Siemens ≫ Sinamics Sh150 Version-

Siemens ≫ Sinamics Sl150 Firmware Version-

Siemens ≫ Sinamics Sl150 Version-

Siemens ≫ Sinamics Sm150 Firmware Version-

Siemens ≫ Sinamics Sm150 Version-

Siemens ≫ Sinamics Sm120 Firmware Version-

Siemens ≫ Sinamics Sm120 Version-

Siemens ≫ Sinamics Sm150i Firmware Version-

Siemens ≫ Sinamics Sm150i Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.18%	0.768

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://cert-portal.siemens.com/productcert/pdf/ssa-520004.pdf

Vendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-752103.pdf

Patch

Vendor Advisory

https://us-cert.cisa.gov/ics/advisories/icsa-21-033-02

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2020-15798

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-15798

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-15798

EUVD