Lucene search

[email protected]CVE-2020-7592

HistoryJul 14, 2020 - 2:15 p.m.

CVE-2020-7592

2020-07-1414:15:19

CWE-319

[email protected]

web.nvd.nist.gov

simatic

hmi

vulnerability

unencrypted communication

plain text

sensitive information

cve-2020-7592

3.3 Low

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:L/Au:N/C:P/I:N/A:N

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.4%

JSON

A vulnerability has been identified in SIMATIC HMI Basic Panels 1st Generation (incl. SIPLUS variants) (All versions), SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC HMI KTP700F Mobile Arctic (All versions), SIMATIC HMI Mobile Panels 2nd Generation (All versions), SIMATIC WinCC Runtime Advanced (All versions). Unencrypted communication between the configuration software and the respective device could allow an attacker to capture potential plain text communication and have access to sensitive information.

Affected configurations

NVD

Node

siemenssimatic_hmi_basic_panels_1st_generation

siemenssimatic_hmi_basic_panels_2nd_generation

siemenssimatic_wincc_runtime_advanced

Node

siemenssimatic_hmi_comfort_panels_firmware

AND

siemenssimatic_hmi_comfort_panelsMatch-

Node

siemenssimatic_hmi_ktp700f_mobile_arctic_firmware

AND

siemenssimatic_hmi_ktp700f_mobile_arcticMatch-

Node

siemenssimatic_hmi_mobile_panels_2nd_generation_firmware

AND

siemenssimatic_hmi_mobile_panels_2nd_generationMatch-

CPENameOperatorVersion
siemens:simatic_hmi_basic_panels_1st_generationsiemens simatic hmi basic panels 1st generationeq*
siemens:simatic_hmi_basic_panels_2nd_generationsiemens simatic hmi basic panels 2nd generationeq*
siemens:simatic_wincc_runtime_advancedsiemens simatic wincc runtime advancedeq*

CPE	Name	Operator	Version
siemens:simatic_hmi_basic_panels_1st_generation	siemens simatic hmi basic panels 1st generation	eq	*
siemens:simatic_hmi_basic_panels_2nd_generation	siemens simatic hmi basic panels 2nd generation	eq	*
siemens:simatic_wincc_runtime_advanced	siemens simatic wincc runtime advanced	eq	*

CNA Affected

[
  {
    "product": "SIMATIC HMI Basic Panels 1st Generation (incl. SIPLUS variants)",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants)",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "SIMATIC HMI Comfort Panels (incl. SIPLUS variants)",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "SIMATIC HMI KTP700F Mobile Arctic",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "SIMATIC HMI Mobile Panels 2nd Generation",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "SIMATIC WinCC Runtime Advanced",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-364335.pdf

us-cert.cisa.gov/ics/advisories/icsa-20-196-04

3.3 Low

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:L/Au:N/C:P/I:N/A:N

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.4%

JSON

Related for CVE-2020-7592

prion1 cvelist1 nvd1 ics1