Lucene search

[email protected]CVE-2020-15786

HistorySep 09, 2020 - 7:15 p.m.

CVE-2020-15786

2020-09-0919:15:19

CWE-307

[email protected]

web.nvd.nist.gov

cve-2020-15786

simatic hmi

vulnerability

remote attacker

user passwords

nvd

security advisory

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.4%

JSON

A vulnerability has been identified in SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions < V16), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions <= V16), SIMATIC HMI Mobile Panels (All versions <= V16), SIMATIC HMI Unified Comfort Panels (All versions <= V16). Affected devices insufficiently block excessive authentication attempts. This could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack.

Affected configurations

NVD

Node

siemenssimatic_hmi_basic_panels_2nd_generationMatch-

AND

siemenssimatic_hmi_basic_panels_2nd_generation_firmwareRange≤14

Node

siemenssimatic_hmi_comfort_panelsMatch-

AND

siemenssimatic_hmi_comfort_panels_firmware

Node

siemenssimatic_hmi_mobile_panelsMatch-

AND

siemenssimatic_hmi_mobile_panels_firmware

Node

siemenssimatic_hmi_united_comfort_panelsMatch-

AND

siemenssimatic_hmi_united_comfort_panels_firmware

CPENameOperatorVersion
siemens:simatic_hmi_basic_panels_2nd_generation_firmwaresiemens simatic hmi basic panels 2nd generation firmwarele14

CPE	Name	Operator	Version
siemens:simatic_hmi_basic_panels_2nd_generation_firmware	siemens simatic hmi basic panels 2nd generation firmware	le	14

CNA Affected

[
  {
    "product": "SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V16"
      }
    ]
  },
  {
    "product": "SIMATIC HMI Comfort Panels (incl. SIPLUS variants)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions <= V16"
      }
    ]
  },
  {
    "product": "SIMATIC HMI Mobile Panels",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions <= V16"
      }
    ]
  },
  {
    "product": "SIMATIC HMI Unified Comfort Panels",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions <= V16"
      }
    ]
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-542525.pdf

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.4%

JSON

Related for CVE-2020-15786

cvelist1 nvd1 prion1 ics1