CVE-2020-28397

EPSS 0.18%
Published 10.08.2021 11:15:07
Last modified 21.11.2024 05:22:43
Source productcert@siemens.com
Teams watchlist Login
Open Login

A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7 PLCSIM Advanced (All versions > V2 < V4), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (Version V4.4), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions > V2.5 < V2.9.2), SIMATIC S7-1500 Software Controller (All versions > V2.5 < V21.9), TIM 1531 IRC (incl. SIPLUS NET variants) (Version V2.1). Due to an incorrect authorization check in the affected component, an attacker could extract information about access protected PLC program variables over port 102/tcp from an affected device when reading multiple attributes at once.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Siemens ≫ Cpu 1504d Tf Firmware Version < 2.9.2

Siemens ≫ Cpu 1504d Tf Version-

Siemens ≫ Cpu 1507d Tf Firmware Version < 2.9.2

Siemens ≫ Cpu 1507d Tf Version-

Siemens ≫ Cpu 1515sp Pc2 Tf Firmware Version < 21.9

Siemens ≫ Cpu 1515sp Pc2 Tf Version-

Siemens ≫ Simatic S7 Plcsim Advanced Firmware Version >= 2.0 < 4.0

Siemens ≫ Simatic S7 Plcsim Advanced Version-

Siemens ≫ Simatic S7-1500 Software Controller Version >= 2.5 < 21.9

Siemens ≫ Tim 1531 Irc Firmware Version2.1

Siemens ≫ Tim 1531 Irc Version-

Siemens ≫ Cpu 1211c Firmware Version4.4

Siemens ≫ Cpu 1211c Version-

Siemens ≫ Cpu 1212c Firmware Version4.4

Siemens ≫ Cpu 1212c Version-

Siemens ≫ Cpu 1212fc Firmware Version4.4

Siemens ≫ Cpu 1212fc Version-

Siemens ≫ Cpu 1214fc Firmware Version4.4

Siemens ≫ Cpu 1214fc Version-

Siemens ≫ Cpu 1214c Firmware Version4.4

Siemens ≫ Cpu 1214c Version-

Siemens ≫ Cpu 1215fc Firmware Version4.4

Siemens ≫ Cpu 1215fc Version-

Siemens ≫ Cpu 1215c Firmware Version4.4

Siemens ≫ Cpu 1215c Version-

Siemens ≫ Cpu 1217c Firmware Version4.4

Siemens ≫ Cpu 1217c Version-

Siemens ≫ Siplus Cpu 1510sp F-1pn Firmware Version >= 2.5 < 2.9.2

Siemens ≫ Siplus Cpu 1510sp F-1pn Version-

Siemens ≫ Siplus Cpu 1511-1 Pn Firmware Version >= 2.5 < 2.9.2

Siemens ≫ Siplus Cpu 1511-1 Pn Version-

Siemens ≫ Siplus Cpu 1511-1 Pn Firmware Version >= 2.5 < 2.9.2

Siemens ≫ Siplus Cpu 1511-1 Pn Version-

Siemens ≫ Siplus Cpu 1511f-1 Pn Firmware Version >= 2.5 < 2.9.2

Siemens ≫ Siplus Cpu 1511f-1 Pn Version-

Siemens ≫ Siplus Cpu 1512sp-1 Pn Firmware Version >= 2.5 < 2.9.2

Siemens ≫ Siplus Cpu 1512sp-1 Pn Version-

Siemens ≫ Siplus Cpu 1512sp F-1pn Firmware Version >= 2.5 < 2.9.2

Siemens ≫ Siplus Cpu 1512sp F-1pn Version-

Siemens ≫ Siplus Cpu 1513-1 Pn Firmware Version >= 2.5 < 2.9.2

Siemens ≫ Siplus Cpu 1513-1 Pn Version-

Siemens ≫ Siplus Cpu 1513-1 Pn Firmware Version >= 2.5 < 2.9.2

Siemens ≫ Siplus Cpu 1513-1 Pn Version-

Siemens ≫ Siplus Cpu 1513f-1 Pn Firmware Version >= 2.5 < 2.9.2

Siemens ≫ Siplus Cpu 1513f-1 Pn Version-

Siemens ≫ Siplus Cpu 1516-3 Pn/dp Firmware Version >= 2.5 < 2.9.2

Siemens ≫ Siplus Cpu 1516-3 Pn/dp Version-

Siemens ≫ Siplus Cpu 1516-3 Pn/dp Firmware Version >= 2.5 < 2.9.2

Siemens ≫ Siplus Cpu 1516-3 Pn/dp Version-

Siemens ≫ Siplus Cpu-1516f-3 Pn/dp Firmware Version >= 2.5 < 2.9.2

Siemens ≫ Siplus Cpu-1516f-3 Pn/dp Version-

Siemens ≫ Siplus Cpu 1518-4 Pn/dp Firmware Version >= 2.5 < 2.9.2

Siemens ≫ Siplus Cpu 1518-4 Pn/dp Version-

Siemens ≫ Siplus Cpu 1518f-4 Pn/dp Firmware Version >= 2.5 < 2.9.2

Siemens ≫ Siplus Cpu 1518f-4 Pn/dp Version-

Siemens ≫ Cpu 1510sp-1pn Firmware Version >= 2.5 < 2.9.2

Siemens ≫ Cpu 1510sp-1pn Version-

Siemens ≫ Cpu1510sp F-1 Firmware Version >= 2.5 < 2.9.2

Siemens ≫ Cpu1510sp F-1 Version-

Siemens ≫ Cpu 1511-1pn Firmware Version >= 2.5 < 2.9.2

Siemens ≫ Cpu 1511-1pn Version-

Siemens ≫ Cpu 1511-1pn Firmware Version >= 2.5 < 2.9.2

Siemens ≫ Cpu 1511-1pn Version-

Siemens ≫ Cpu 1511c-1 Pn Firmware Version >= 2.5 < 2.9.2

Siemens ≫ Cpu 1511c-1 Pn Version-

Siemens ≫ Cpu 1511f-1pn Firmware Version >= 2.5 < 2.9.2

Siemens ≫ Cpu 1511f-1pn Version-

Siemens ≫ Cpu 1511t-1pn Firmware Version >= 2.5 < 2.9.2

Siemens ≫ Cpu 1511t-1pn Version-

Siemens ≫ Cpu 1511tf-1pn Firmware Version >= 2.5 < 2.9.2

Siemens ≫ Cpu 1511tf-1pn Version-

Siemens ≫ Cpu 1512c-1 Pn Firmware Version >= 2.5 < 2.9.2

Siemens ≫ Cpu 1512c-1 Pn Version-

Siemens ≫ Cpu 1512sp-1 Pn Firmware Version >= 2.5 < 2.9.2

Siemens ≫ Cpu 1512sp-1 Pn Version-

Siemens ≫ Cpu 1512sp F-1 Pn Firmware Version >= 2.5 < 2.9.2

Siemens ≫ Cpu 1512sp F-1 Pn Version-

Siemens ≫ Cpu 1513-1 Pn Firmware Version >= 2.5 < 2.9.2

Siemens ≫ Cpu 1513-1 Pn Version-

Siemens ≫ Cpu 1513f-1 Pn Firmware Version >= 2.5 < 2.9.2

Siemens ≫ Cpu 1513f-1 Pn Version-

Siemens ≫ Cpu 1513r-1 Pn Firmware Version >= 2.5 < 2.9.2

Siemens ≫ Cpu 1513r-1 Pn Version-

Siemens ≫ Cpu 1513pro F-2 Pn Firmware Version >= 2.5 < 2.9.2

Siemens ≫ Cpu 1513pro F-2 Pn Version-

Siemens ≫ Cpu 1515-2 Firmware Version >= 2.5 < 2.9.2

Siemens ≫ Cpu 1515-2 Version-

Siemens ≫ Cpu 1515f-2 Firmware Version >= 2.5 < 2.9.2

Siemens ≫ Cpu 1515f-2 Version-

Siemens ≫ Cpu 1515r-2 Pn Firmware Version >= 2.5 < 2.9.2

Siemens ≫ Cpu 1515r-2 Pn Version-

Siemens ≫ Cpu 1515t-2 Pn Firmware Version >= 2.5 < 2.9.2

Siemens ≫ Cpu 1515t-2 Pn Version-

Siemens ≫ Cpu 1515tf-2 Pn Firmware Version >= 2.5 < 2.9.2

Siemens ≫ Cpu 1515tf-2 Pn Version-

Siemens ≫ Cpu 1516pro F-2 Pn Firmware Version >= 2.5 < 2.9.2

Siemens ≫ Cpu 1516pro F-2 Pn Version-

Siemens ≫ Cpu 1516pro-2 Pn Firmware Version >= 2.5 < 2.9.2

Siemens ≫ Cpu 1516pro-2 Pn Version-

Siemens ≫ Cpu 1516-3 Firmware Version >= 2.5 < 2.9.2

Siemens ≫ Cpu 1516-3 Version-

Siemens ≫ Cpu 1516f-3 Firmware Version >= 2.5 < 2.9.2.

Siemens ≫ Cpu 1516f-3 Version-

Siemens ≫ Cpu 1516t-3 Pn/dp Firmware Version >= 2.5 < 2.9.2

Siemens ≫ Cpu 1516t-3 Pn/dp Version-

Siemens ≫ Cpu 1516tf-3 Pn/dp Firmware Version >= 2.5 < 2.9.2

Siemens ≫ Cpu 1516tf-3 Pn/dp Version-

Siemens ≫ Cpu 1517-3 Pn/dp Firmware Version >= 2.5 < 2.9.2

Siemens ≫ Cpu 1517-3 Pn/dp Version-

Siemens ≫ Cpu 1517f-3 Pn/dp Firmware Version >= 2.5 < 2.9.2

Siemens ≫ Cpu 1517f-3 Pn/dp Version-

Siemens ≫ Cpu 1517t-3 Pn/dp Firmware Version >= 2.5 < 2.9.2

Siemens ≫ Cpu 1517t-3 Pn/dp Version-

Siemens ≫ Cpu 1517tf-3 Pn/dp Firmware Version >= 2.5 < 2.9.2

Siemens ≫ Cpu 1517tf-3 Pn/dp Version-

Siemens ≫ Cpu 1518-4 Pn/dp Firmware Version >= 2.5 < 2.9.2

Siemens ≫ Cpu 1518-4 Pn/dp Version-

Siemens ≫ Cpu 1518f-4 Pn/dp Firmware Version >= 2.5 < 2.9.2

Siemens ≫ Cpu 1518f-4 Pn/dp Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.18%	0.369

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://cert-portal.siemens.com/productcert/pdf/ssa-865327.pdf

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-28397

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-28397

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-28397

EUVD