CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS
Percentile
35.2%
A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (V4.5.0). Affected devices fail to authenticate against configured passwords when provisioned using TIA Portal V13. This could allow an attacker using TIA Portal V13 or later versions to bypass authentication and download arbitrary programs to the PLC. The vulnerability does not occur when TIA Portal V13 SP1 or any later version was used to provision the device.
Vendor | Product | Version | CPE |
---|---|---|---|
siemens | cpu_1211c | - | cpe:2.3:h:siemens:cpu_1211c:-:*:*:*:*:*:*:* |
siemens | cpu_1212c | - | cpe:2.3:h:siemens:cpu_1212c:-:*:*:*:*:*:*:* |
siemens | cpu_1212fc | - | cpe:2.3:h:siemens:cpu_1212fc:-:*:*:*:*:*:*:* |
siemens | cpu_1214c | - | cpe:2.3:h:siemens:cpu_1214c:-:*:*:*:*:*:*:* |
siemens | cpu_1214fc | - | cpe:2.3:h:siemens:cpu_1214fc:-:*:*:*:*:*:*:* |
siemens | cpu_1215c | - | cpe:2.3:h:siemens:cpu_1215c:-:*:*:*:*:*:*:* |
siemens | cpu_1215fc | - | cpe:2.3:h:siemens:cpu_1215fc:-:*:*:*:*:*:*:* |
siemens | cpu_1217c | - | cpe:2.3:h:siemens:cpu_1217c:-:*:*:*:*:*:*:* |
siemens | simatic_s7-1200_cpu_firmware | 4.5.0 | cpe:2.3:o:siemens:simatic_s7-1200_cpu_firmware:4.5.0:*:*:*:*:*:*:* |
siemens | simatic_step_7_\(tia_portal\) | * | cpe:2.3:a:siemens:simatic_step_7_\(tia_portal\):*:*:*:*:*:*:*:* |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS
Percentile
35.2%