Lucene search
This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.OT_500385.NASLHistoryAug 10, 2021 - 12:00 a.m.
Siemens Simatic Insufficiently Protected Credentials
2021-08-1000:00:00
This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
17
siemens
simatic
insufficiently protected
credentials
vulnerability
s7-300
s7-400
winac rtx
sinumerik
authentication
protocol
network traffic
interception
EPSS
0.001
Percentile
26.0%
A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions), SINUMERIK 840D sl (All versions). The authentication protocol between a client and a PLC via port 102/tcp (ISO-TSAP) insufficiently protects the transmitted password. This could allow an attacker that is able to intercept the network traffic to obtain valid PLC credentials.
File data ot_500385.naslRelated
prion
prion
Authentication flaw
2020-09-09 19:15:00
ics
ics
Siemens SIMATIC S7-300 and S7-400 CPUs (Update C)
2020-12-08 12:00:00
nessus
nessus
cve
cve
CVE-2020-15791
2020-09-09 19:15:20
cvelist
cvelist
CVE-2020-15791
2020-09-09 18:13:11
nvd
nvd
CVE-2020-15791
2020-09-09 19:15:20