cnvd - cnvd-2020-40613

cnvd-2020-40613

Vulnerability from cnvd

Title: 多款Siemens产品信息泄露漏洞

Description:

SIMATIC HMI Panels用于操作员控制，机器和设备的监控。SIMATIC WinCC Runtime Advanced是一个可视化运行时平台，机器和设备的监控。SIPLUS extreme产品是为在极端条件下可运行而设计的，它基于Imatic，LOGO！SITOP、SINAMICS、SIMOTION、SCALANCE或其他设备。

多款Siemens产品存在安全漏洞。攻击者可利用漏洞获取纯文本通信并访问敏感信息。

Severity: 中

Patch Name: 多款Siemens产品信息泄露漏洞的补丁

Patch Description:

多款Siemens产品存在安全漏洞。攻击者可利用漏洞获取纯文本通信并访问敏感信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

用户可参考如下供应商提供的安全公告获得补丁信息： https://cert-portal.siemens.com/productcert/pdf/ssa-364335.pdf

Reference: https://cert-portal.siemens.com/productcert/pdf/ssa-364335.pdf

Impacted products

Name
['Siemens SIMATIC WinCC Runtime Advanced', 'Siemens SIMATIC HMI Mobile Panels 2nd Generation', 'Siemens SIMATIC HMI KTP700F Mobile Arctic', 'Siemens SIMATIC HMI Comfort Panels (incl. SIPLUS vari-ants)', 'Siemens SIMATIC HMI Basic Panels 2nd Generation(incl. SIPLUS variants)', 'Siemens SIMATIC HMI Basic Panels 1st Generation(incl. SIPLUS variants)']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-7592"
    }
  },
  "description": "SIMATIC HMI Panels\u7528\u4e8e\u64cd\u4f5c\u5458\u63a7\u5236\uff0c\u673a\u5668\u548c\u8bbe\u5907\u7684\u76d1\u63a7\u3002SIMATIC WinCC Runtime Advanced\u662f\u4e00\u4e2a\u53ef\u89c6\u5316\u8fd0\u884c\u65f6\u5e73\u53f0\uff0c\u673a\u5668\u548c\u8bbe\u5907\u7684\u76d1\u63a7\u3002SIPLUS extreme\u4ea7\u54c1\u662f\u4e3a\u5728\u6781\u7aef\u6761\u4ef6\u4e0b\u53ef\u8fd0\u884c\u800c\u8bbe\u8ba1\u7684\uff0c\u5b83\u57fa\u4e8eImatic\uff0cLOGO\uff01SITOP\u3001SINAMICS\u3001SIMOTION\u3001SCALANCE\u6216\u5176\u4ed6\u8bbe\u5907\u3002\n\n\u591a\u6b3eSiemens\u4ea7\u54c1\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u83b7\u53d6\u7eaf\u6587\u672c\u901a\u4fe1\u5e76\u8bbf\u95ee\u654f\u611f\u4fe1\u606f\u3002",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-364335.pdf",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-40613",
  "openTime": "2020-07-17",
  "patchDescription": "SIMATIC HMI Panels\u7528\u4e8e\u64cd\u4f5c\u5458\u63a7\u5236\uff0c\u673a\u5668\u548c\u8bbe\u5907\u7684\u76d1\u63a7\u3002SIMATIC WinCC Runtime Advanced\u662f\u4e00\u4e2a\u53ef\u89c6\u5316\u8fd0\u884c\u65f6\u5e73\u53f0\uff0c\u673a\u5668\u548c\u8bbe\u5907\u7684\u76d1\u63a7\u3002SIPLUS extreme\u4ea7\u54c1\u662f\u4e3a\u5728\u6781\u7aef\u6761\u4ef6\u4e0b\u53ef\u8fd0\u884c\u800c\u8bbe\u8ba1\u7684\uff0c\u5b83\u57fa\u4e8eImatic\uff0cLOGO\uff01SITOP\u3001SINAMICS\u3001SIMOTION\u3001SCALANCE\u6216\u5176\u4ed6\u8bbe\u5907\u3002\r\n\r\n\u591a\u6b3eSiemens\u4ea7\u54c1\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u83b7\u53d6\u7eaf\u6587\u672c\u901a\u4fe1\u5e76\u8bbf\u95ee\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eSiemens\u4ea7\u54c1\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Siemens SIMATIC WinCC Runtime Advanced",
      "Siemens SIMATIC HMI Mobile Panels 2nd Generation",
      "Siemens SIMATIC HMI KTP700F Mobile Arctic",
      "Siemens SIMATIC HMI Comfort Panels (incl. SIPLUS vari-ants)",
      "Siemens SIMATIC HMI Basic Panels 2nd Generation(incl. SIPLUS variants)",
      "Siemens SIMATIC HMI Basic Panels 1st Generation(incl. SIPLUS variants)"
    ]
  },
  "referenceLink": "https://cert-portal.siemens.com/productcert/pdf/ssa-364335.pdf",
  "serverity": "\u4e2d",
  "submitTime": "2020-07-15",
  "title": "\u591a\u6b3eSiemens\u4ea7\u54c1\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

CVE-2020-7592 (GCVE-0-2020-7592)

Vulnerability from cvelistv5

Published

2020-07-14 13:18

Modified

2024-08-04 09:33

Severity ?

CWE

CWE-319 - Cleartext Transmission of Sensitive Information

Summary

A vulnerability has been identified in SIMATIC HMI Basic Panels 1st Generation (incl. SIPLUS variants) (All versions), SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC HMI KTP700F Mobile Arctic (All versions), SIMATIC HMI Mobile Panels 2nd Generation (All versions), SIMATIC WinCC Runtime Advanced (All versions). Unencrypted communication between the configuration software and the respective device could allow an attacker to capture potential plain text communication and have access to sensitive information.

References

▼	URL	Tags
	https://cert-portal.siemens.com/productcert/pdf/ssa-364335.pdf	x_refsource_MISC
	https://us-cert.cisa.gov/ics/advisories/icsa-20-196-04	x_refsource_MISC

Impacted products

Vendor

Product

Version

▼

Siemens AG

SIMATIC HMI Basic Panels 1st Generation (incl. SIPLUS variants)

Version: All versions

Siemens AG	SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants)	Version: All versions
Siemens AG	SIMATIC HMI Comfort Panels (incl. SIPLUS variants)	Version: All versions
Siemens AG	SIMATIC HMI KTP700F Mobile Arctic	Version: All versions
Siemens AG	SIMATIC HMI Mobile Panels 2nd Generation	Version: All versions
Siemens AG	SIMATIC WinCC Runtime Advanced	Version: All versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:33:19.896Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-364335.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-04"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SIMATIC HMI Basic Panels 1st Generation (incl. SIPLUS variants)",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants)",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "SIMATIC HMI Comfort Panels (incl. SIPLUS variants)",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "SIMATIC HMI KTP700F Mobile Arctic",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "SIMATIC HMI Mobile Panels 2nd Generation",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "SIMATIC WinCC Runtime Advanced",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SIMATIC HMI Basic Panels 1st Generation (incl. SIPLUS variants) (All versions), SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC HMI KTP700F Mobile Arctic (All versions), SIMATIC HMI Mobile Panels 2nd Generation (All versions), SIMATIC WinCC Runtime Advanced (All versions). Unencrypted communication between the configuration software and the respective device could allow an attacker to capture potential plain text communication and have access to sensitive information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-319",
              "description": "CWE-319: Cleartext Transmission of Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-16T13:40:34",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-364335.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-04"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2020-7592",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SIMATIC HMI Basic Panels 1st Generation (incl. SIPLUS variants)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC HMI Comfort Panels (incl. SIPLUS variants)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC HMI KTP700F Mobile Arctic",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC HMI Mobile Panels 2nd Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC WinCC Runtime Advanced",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens AG"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability has been identified in SIMATIC HMI Basic Panels 1st Generation (incl. SIPLUS variants) (All versions), SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC HMI KTP700F Mobile Arctic (All versions), SIMATIC HMI Mobile Panels 2nd Generation (All versions), SIMATIC WinCC Runtime Advanced (All versions). Unencrypted communication between the configuration software and the respective device could allow an attacker to capture potential plain text communication and have access to sensitive information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-319: Cleartext Transmission of Sensitive Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-364335.pdf",
              "refsource": "MISC",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-364335.pdf"
            },
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-04",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-04"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2020-7592",
    "datePublished": "2020-07-14T13:18:05",
    "dateReserved": "2020-01-21T00:00:00",
    "dateUpdated": "2024-08-04T09:33:19.896Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted