CVE-2020-15786

2020-09-0918:11:39

CWE-307

siemens

www.cve.org

9.3 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.4%

JSON

A vulnerability has been identified in SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions < V16), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions <= V16), SIMATIC HMI Mobile Panels (All versions <= V16), SIMATIC HMI Unified Comfort Panels (All versions <= V16). Affected devices insufficiently block excessive authentication attempts. This could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack.

CNA Affected

[
  {
    "product": "SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V16"
      }
    ]
  },
  {
    "product": "SIMATIC HMI Comfort Panels (incl. SIPLUS variants)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions <= V16"
      }
    ]
  },
  {
    "product": "SIMATIC HMI Mobile Panels",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions <= V16"
      }
    ]
  },
  {
    "product": "SIMATIC HMI Unified Comfort Panels",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions <= V16"
      }
    ]
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-542525.pdf