Lucene search

[email protected]NVD:CVE-2020-15798

HistoryFeb 09, 2021 - 5:15 p.m.

CVE-2020-15798

2021-02-0917:15:13

CWE-306

[email protected]

web.nvd.nist.gov

simatic

hmi

panels

vulnerability

telnet

authentication

remote access

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.013

Percentile

86.0%

JSON

A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions < V16 Update 3a), SIMATIC HMI KTP Mobile Panels (All versions < V16 Update 3a), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). Affected devices with enabled telnet service do not require authentication for this service. This could allow a remote attacker to gain full access to the device. (ZDI-CAN-12046)

Affected configurations

Nvd

Node

siemenssimatic_hmi_comfort_panelsMatch-

AND

siemenssimatic_hmi_comfort_panels_firmwareRange<16.0

siemenssimatic_hmi_comfort_panels_firmwareMatch16.0-

siemenssimatic_hmi_comfort_panels_firmwareMatch16.0update1

siemenssimatic_hmi_comfort_panels_firmwareMatch16.0update2

siemenssimatic_hmi_comfort_panels_firmwareMatch16.0update3

Node

siemenssimatic_hmi_ktp_mobile_panelsMatch-

AND

siemenssimatic_hmi_ktp_mobile_panels_firmwareRange<16.0

siemenssimatic_hmi_ktp_mobile_panels_firmwareMatch16.0-

siemenssimatic_hmi_ktp_mobile_panels_firmwareMatch16.0update1

siemenssimatic_hmi_ktp_mobile_panels_firmwareMatch16.0update2

siemenssimatic_hmi_ktp_mobile_panels_firmwareMatch16.0update3

Node

siemenssinamics_gh150Match-

AND

siemenssinamics_gh150_firmwareMatch-

Node

siemenssinamics_gl150Match-

AND

siemenssinamics_gl150_firmwareMatch-

Node

siemenssinamics_gm150_firmwareMatch-

AND

siemenssinamics_gm150Match-

Node

siemenssinamics_sh150Match-

AND

siemenssinamics_sh150_firmwareMatch-

Node

siemenssinamics_sl150Match-

AND

siemenssinamics_sl150_firmwareMatch-

Node

siemenssinamics_sm150Match-

AND

siemenssinamics_sm150_firmwareMatch-

Node

siemenssinamics_sm120Match-

AND

siemenssinamics_sm120_firmwareMatch-

Node

siemenssinamics_sm150i_firmwareMatch-

AND

siemenssinamics_sm150iMatch-

VendorProductVersionCPE
siemenssimatic_hmi_comfort_panels-cpe:2.3:h:siemens:simatic_hmi_comfort_panels:-:*:*:*:*:*:*:*
siemenssimatic_hmi_comfort_panels_firmware*cpe:2.3:o:siemens:simatic_hmi_comfort_panels_firmware:*:*:*:*:*:*:*:*
siemenssimatic_hmi_comfort_panels_firmware16.0cpe:2.3:o:siemens:simatic_hmi_comfort_panels_firmware:16.0:-:*:*:*:*:*:*
siemenssimatic_hmi_comfort_panels_firmware16.0cpe:2.3:o:siemens:simatic_hmi_comfort_panels_firmware:16.0:update1:*:*:*:*:*:*
siemenssimatic_hmi_comfort_panels_firmware16.0cpe:2.3:o:siemens:simatic_hmi_comfort_panels_firmware:16.0:update2:*:*:*:*:*:*
siemenssimatic_hmi_comfort_panels_firmware16.0cpe:2.3:o:siemens:simatic_hmi_comfort_panels_firmware:16.0:update3:*:*:*:*:*:*
siemenssimatic_hmi_ktp_mobile_panels-cpe:2.3:h:siemens:simatic_hmi_ktp_mobile_panels:-:*:*:*:*:*:*:*
siemenssimatic_hmi_ktp_mobile_panels_firmware*cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_firmware:*:*:*:*:*:*:*:*
siemenssimatic_hmi_ktp_mobile_panels_firmware16.0cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_firmware:16.0:-:*:*:*:*:*:*
siemenssimatic_hmi_ktp_mobile_panels_firmware16.0cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_firmware:16.0:update1:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	simatic_hmi_comfort_panels	-	cpe:2.3:h:siemens:simatic_hmi_comfort_panels:-:::::::*
siemens	simatic_hmi_comfort_panels_firmware	*	cpe:2.3:o:siemens:simatic_hmi_comfort_panels_firmware::::::::
siemens	simatic_hmi_comfort_panels_firmware	16.0	cpe:2.3:o:siemens:simatic_hmi_comfort_panels_firmware:16.0:-::::::
siemens	simatic_hmi_comfort_panels_firmware	16.0	cpe:2.3:o:siemens:simatic_hmi_comfort_panels_firmware:16.0:update1::::::
siemens	simatic_hmi_comfort_panels_firmware	16.0	cpe:2.3:o:siemens:simatic_hmi_comfort_panels_firmware:16.0:update2::::::
siemens	simatic_hmi_comfort_panels_firmware	16.0	cpe:2.3:o:siemens:simatic_hmi_comfort_panels_firmware:16.0:update3::::::
siemens	simatic_hmi_ktp_mobile_panels	-	cpe:2.3:h:siemens:simatic_hmi_ktp_mobile_panels:-:::::::*
siemens	simatic_hmi_ktp_mobile_panels_firmware	*	cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_firmware::::::::
siemens	simatic_hmi_ktp_mobile_panels_firmware	16.0	cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_firmware:16.0:-::::::
siemens	simatic_hmi_ktp_mobile_panels_firmware	16.0	cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_firmware:16.0:update1::::::

Rows per page:

1-10 of 281

References

cert-portal.siemens.com/productcert/pdf/ssa-520004.pdf

cert-portal.siemens.com/productcert/pdf/ssa-752103.pdf

us-cert.cisa.gov/ics/advisories/icsa-21-033-02

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.013

Percentile

86.0%

JSON

Related for NVD:CVE-2020-15798

prion1 zdi1 ics2 cve1 cvelist1