Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-15782 (GCVE-0-2020-15782)
Vulnerability from cvelistv5
Published
2021-05-28 16:10
Modified
2024-08-04 13:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Summary
A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions < V21.9), SIMATIC S7-PLCSIM Advanced (All versions < V4.0), SINAMICS PERFECT HARMONY GH180 Drives (Drives manufactured before 2021-08-13), SINUMERIK MC (All versions < V6.15), SINUMERIK ONE (All versions < V6.15). Affected devices are vulnerable to a memory protection bypass through a specific operation. A remote unauthenticated attacker with network access to port 102/tcp could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Siemens | SIMATIC Drive Controller family |
Version: All versions < V2.9.2 |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:22:30.758Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-434534.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-434536.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-434535.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SIMATIC Drive Controller family",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.9.2"
}
]
},
{
"product": "SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V21.9"
}
]
},
{
"product": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.5.0"
}
]
},
{
"product": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.9.2"
}
]
},
{
"product": "SIMATIC S7-1500 Software Controller",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V21.9"
}
]
},
{
"product": "SIMATIC S7-PLCSIM Advanced",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.0"
}
]
},
{
"product": "SINAMICS PERFECT HARMONY GH180 Drives",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "Drives manufactured before 2021-08-13"
}
]
},
{
"product": "SINUMERIK MC",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.15"
}
]
},
{
"product": "SINUMERIK ONE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.15"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC Drive Controller family (All versions \u003c V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions \u003c V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions \u003c V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions \u003c V2.9.2), SIMATIC S7-1500 Software Controller (All versions \u003c V21.9), SIMATIC S7-PLCSIM Advanced (All versions \u003c V4.0), SINAMICS PERFECT HARMONY GH180 Drives (Drives manufactured before 2021-08-13), SINUMERIK MC (All versions \u003c V6.15), SINUMERIK ONE (All versions \u003c V6.15). Affected devices are vulnerable to a memory protection bypass through a specific operation. A remote unauthenticated attacker with network access to port 102/tcp could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-14T10:47:06",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-434534.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-434536.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-434535.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2020-15782",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SIMATIC Drive Controller family",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V2.9.2"
}
]
}
},
{
"product_name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V21.9"
}
]
}
},
{
"product_name": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.5.0"
}
]
}
},
{
"product_name": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V2.9.2"
}
]
}
},
{
"product_name": "SIMATIC S7-1500 Software Controller",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V21.9"
}
]
}
},
{
"product_name": "SIMATIC S7-PLCSIM Advanced",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.0"
}
]
}
},
{
"product_name": "SINAMICS PERFECT HARMONY GH180 Drives",
"version": {
"version_data": [
{
"version_value": "Drives manufactured before 2021-08-13"
}
]
}
},
{
"product_name": "SINUMERIK MC",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V6.15"
}
]
}
},
{
"product_name": "SINUMERIK ONE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V6.15"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC Drive Controller family (All versions \u003c V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions \u003c V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions \u003c V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions \u003c V2.9.2), SIMATIC S7-1500 Software Controller (All versions \u003c V21.9), SIMATIC S7-PLCSIM Advanced (All versions \u003c V4.0), SINAMICS PERFECT HARMONY GH180 Drives (Drives manufactured before 2021-08-13), SINUMERIK MC (All versions \u003c V6.15), SINUMERIK ONE (All versions \u003c V6.15). Affected devices are vulnerable to a memory protection bypass through a specific operation. A remote unauthenticated attacker with network access to port 102/tcp could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-434534.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-434534.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-434536.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-434536.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-434535.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-434535.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2020-15782",
"datePublished": "2021-05-28T16:10:10",
"dateReserved": "2020-07-15T00:00:00",
"dateUpdated": "2024-08-04T13:22:30.758Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2020-15782\",\"sourceIdentifier\":\"productcert@siemens.com\",\"published\":\"2021-05-28T16:15:07.790\",\"lastModified\":\"2024-11-21T05:06:10.140\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been identified in SIMATIC Drive Controller family (All versions \u003c V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions \u003c V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions \u003c V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions \u003c V2.9.2), SIMATIC S7-1500 Software Controller (All versions \u003c V21.9), SIMATIC S7-PLCSIM Advanced (All versions \u003c V4.0), SINAMICS PERFECT HARMONY GH180 Drives (Drives manufactured before 2021-08-13), SINUMERIK MC (All versions \u003c V6.15), SINUMERIK ONE (All versions \u003c V6.15). Affected devices are vulnerable to a memory protection bypass through a specific operation. A remote unauthenticated attacker with network access to port 102/tcp could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks.\"},{\"lang\":\"es\",\"value\":\"Se ha identificado una vulnerabilidad en la familia SIMATIC Drive Controller (Todas las versiones anteriores a la versi\u00f3n V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incluyendo las variantes SIPLUS) (Todas las versiones), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incluyendo las variantes SIPLUS) (Todas las versiones anteriores a la versi\u00f3n V21.9), familia SIMATIC S7-1200 CPU (incluyendo las variantes SIPLUS) (Todas las versiones anteriores a la versi\u00f3n V4.5.0), familia SIMATIC S7-1500 CPU (incluyendo CPU ET200 relacionadas y variantes SIPLUS) (Todas las versiones anteriores a la versi\u00f3n V2.9.2), SIMATIC S7-1500 Software Controller (Todas las versiones anteriores a la versi\u00f3n V21.9), SIMATIC S7-PLCSIM Advanced (Todas las versiones anteriores a la versi\u00f3n V4.0), SINAMICS PERFECT HARMONY GH180 Drives (Unidades fabricadas antes de 2021-08-13), SINUMERIK MC (Todas las versiones anteriores a la versi\u00f3n V6.15), SINUMERIK ONE (Todas las versiones anteriores a la versi\u00f3n V6.15). Los dispositivos afectados son vulnerables a una omisi\u00f3n de protecci\u00f3n de la memoria mediante una operaci\u00f3n espec\u00edfica. Un atacante remoto no autenticado con acceso de red al puerto 102/tcp podr\u00eda potencialmente escribir datos y c\u00f3digo arbitrario en \u00e1reas de memoria protegidas o leer datos confidenciales para iniciar m\u00e1s ataques\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_driver_controller_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.9.2\",\"matchCriteriaId\":\"A7B8C5FB-3BF8-4A74-AB58-474D754CFBBA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:cpu_1504d_tf:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6150A06A-0EB8-46CC-A118-2E70BF183CFE\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:cpu_1507d_tf:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F33CBC2-330D-4791-9BAB-ECEF3720BBC0\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:s7-1200_cpu_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.5.0\",\"matchCriteriaId\":\"6852AC11-6388-4D26-923E-DB8933F05EDC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:cpu_1211c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"172D341B-D863-4C24-9B6E-633EBE87C8C9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:cpu_1212c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B475E4F-EE4F-4435-9F0B-8E4FA35377BE\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:cpu_1212fc:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1402D624-5AF3-4E25-A2B0-9D9F214EE8FE\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:cpu_1214c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F714315-8BEB-4BD3-BE59-C6649A0A105E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:cpu_1214fc:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A988C9F-60DF-4BC5-A890-F03F445DD9BD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:cpu_1215c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C90820D3-3F3E-4DC4-9DCE-A498CC26268D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:cpu_1215fc:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BAF22AB6-6DAA-4983-99DB-4F2A2E76856F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:cpu_1217c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C95F12D-563A-4915-9F26-A461EB4F8FA1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:s7-1500_cpu_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.9.2\",\"matchCriteriaId\":\"7D8BEAD8-461A-4832-8BF7-9F2CE8ADB6BC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:6es7510-1dj01-0ab0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0645616B-B515-49BE-9C9A-33A0E9E7C108\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:6es7510-1sj01-0ab0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D11FF81-01F3-4B07-B57C-8B43DAD3640A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:6es7511-1ak01-0ab0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9FFB12A-E3B7-4273-AAAF-0AECB9BB69C0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:6es7511-1ak02-0ab0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25A19AB0-CCC8-4513-8182-68CE66F136F1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:6es7511-1ck00-0ab0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DED5460A-76CF-4830-AAFB-A10CE7EFD129\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:6es7511-1ck01-0ab0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"207FD076-F2B7-4DE5-8390-E135A09DBD26\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:6es7511-1fk01-0ab0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF0FB5A5-A930-4635-B483-991611967E1E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:6es7511-1fk02-0ab0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F039613-55B4-45E9-9E12-9603DF424A6A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:6es7511-1tk01-0ab0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA18592B-0624-4C06-AC5E-1336E9E02C11\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:6es7511-1uk01-0ab0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3C00821-4873-4B80-ADC5-FED9FFD810DC\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:6es7512-1ck00-0ab0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E4D7484-F6E9-4A5C-9695-691FC48D602C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:6es7512-1ck01-0ab0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE762064-FE24-4A1D-94DA-7411CC701B8A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:6es7512-1dk01-0ab0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A1B45F7-14BA-45B5-AE0F-25F4E77CB40E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:6es7512-1sk01-0ab0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC5C0BB0-A443-4764-9A9F-828882556665\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:6es7513-1al01-0ab0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CC9DB1B-DDAC-4FD2-BB9E-F64941C14E58\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:6es7513-1al02-0ab0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C01A87E-E18E-4E83-BCC5-AAE48E177B96\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:6es7513-1fl01-0ab0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5426F764-765B-4E80-86D5-A86EF95A53F6\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:6es7513-1fl02-0ab0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F16BF979-9B89-42C9-8B5D-2A9F5E76F10E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:6es7513-1rl00-0ab0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7FC9267-B12D-4E13-BEB5-7D61989C1047\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:6es7513-2gl00-0ab0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"91E3A8F5-7BC8-43C5-84D9-00DCEB4D4E05\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:6es7513-2pl00-0ab0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CAA520E3-A01E-441C-95B3-B3481C4405C4\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:6es7515-2am01-0ab0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DBFB9E73-59C8-4E05-ABDD-335315EE37CD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:6es7515-2am02-0ab0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"225036D8-E501-4069-9D30-C243AE79CA2B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:6es7515-2fm01-0ab0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"69F4097E-27F4-43EB-81E7-BD497477396F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:6es7515-2fm02-0ab0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF247FF5-E912-44E1-8D0A-781912797783\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:6es7515-2rm00-0ab0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B707B729-AEF1-446D-9E85-5504BF098635\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:6es7515-2tm01-0ab0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6DD88AAE-1926-47AA-9071-E657053D9A91\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:6es7515-2um01-0ab0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C71F8606-63FC-4BC6-830C-1FF19B30110A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:6es7516-2gn00-0ab0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEA0DD75-F6B4-41A7-A9AA-03FAFAA38B16\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:6es7516-2pn00-0ab0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1CBB9517-4F18-4CB9-B7F3-4D30D6E9DCE2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:6es7516-3an01-0ab0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56C07F7B-5042-44BA-B5F3-438A60A776D7\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:6es7516-3an02-0ab0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D2412B1-8ADC-48AC-85CF-BAE6E3674B29\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:6es7516-3fn01-0ab0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6F8F1FC-3F9A-48B0-A6EE-9AB66AB4A1E5\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:6es7516-3fn02-0ab0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC0DCCCE-1348-48FC-BD48-0D23F4A8A69D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:6es7516-3tn00-0ab0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E728548F-2F18-4BF4-8A32-83CBAE2D5A12\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:6es7516-3un00-0ab0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE4AEE6E-03BA-4302-9D77-FC3102A216E9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:6es7517-3ap00-0ab0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C49DB60C-69FB-4251-9185-02CABCB66E86\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:6es7517-3fp00-0ab0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5628EB18-2D21-40F2-ACCC-65EF5D9A5BB3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:6es7517-3hp00-0ab0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E341A3B-D0F6-49EC-AE13-CC2D0DA6AF15\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:6es7517-3tp00-0ab0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD084757-FD90-45BA-96D2-F885741EE205\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:6es7517-3up00-0ab0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A49F3BE-3391-423F-9EBC-5DAEB1A33C06\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:6es7518-4ap00-0ab0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A40D89C7-A781-407A-B675-507E3211EB38\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:6es7518-4ap00-3ab0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"91BAF17B-E442-48E2-8484-547CB4375213\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:6es7518-4fp00-0ab0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F17DE4F0-A475-4F08-99A5-36744978FEB2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:6es7518-4fp00-3ab0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC059287-41DD-4926-A17A-ED256541AD28\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_s7-1500__software_controller:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6745F8B-D98C-4410-AB01-CE6EE3DDCB4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_s7-plcsim_advanced:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.0\",\"matchCriteriaId\":\"E58BF80D-955E-44DE-B376-FC632C197390\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:et_200sp_open_controller_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1EA915A3-BC37-4907-8207-AD3B2E4C488F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:cpu_1515sp_pc:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F01ED37-3930-48BD-B911-388775A1715A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:cpu_1515sp_pc2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"02DE6F0F-C1FD-4007-AFA4-12F79C8DF1EC\"}]}]}],\"references\":[{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-434534.pdf\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-434535.pdf\",\"source\":\"productcert@siemens.com\"},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-434536.pdf\",\"source\":\"productcert@siemens.com\"},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-434534.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-434535.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-434536.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
ICSA-21-194-17
Vulnerability from csaf_cisa
Published
2021-07-13 00:00
Modified
2025-05-06 06:00
Summary
Siemens SINUMERIK ONE and SINUMERIK MC (Update A)
Notes
Summary
SINUMERIK ONE and SINUMERIK MC products are affected by a memory protection bypass vulnerability in the integrated S7-1500 CPU that could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks on the CPU.
Siemens has released updates for the affected products and recommends that customers update to the new version.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer
This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.
Critical infrastructure sectors
Multiple
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.
Recommended Practices
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
{
"document": {
"acknowledgments": [
{
"organization": "Siemens ProductCERT",
"summary": "reporting this vulnerability to CISA."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"notes": [
{
"category": "summary",
"text": "SINUMERIK ONE and SINUMERIK MC products are affected by a memory protection bypass vulnerability in the integrated S7-1500 CPU that could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks on the CPU.\n\nSiemens has released updates for the affected products and recommends that customers update to the new version.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "other",
"text": "This CISA CSAF advisory was converted from Siemens ProductCERT\u0027s CSAF advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Multiple",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-434536: Memory Protection Bypass Vulnerability in SINUMERIK ONE and SINUMERIK MC - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-434536.json"
},
{
"category": "self",
"summary": "SSA-434536: Memory Protection Bypass Vulnerability in SINUMERIK ONE and SINUMERIK MC - TXT Version",
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-434536.txt"
},
{
"category": "self",
"summary": "SSA-434536: Memory Protection Bypass Vulnerability in SINUMERIK ONE and SINUMERIK MC - PDF Version",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-434536.pdf"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-21-194-17 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-194-17.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-21-194-17 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-194-17"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Siemens SINUMERIK ONE and SINUMERIK MC (Update A)",
"tracking": {
"current_release_date": "2025-05-06T06:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-21-194-17",
"initial_release_date": "2021-07-13T00:00:00.000000Z",
"revision_history": [
{
"date": "2021-07-13T00:00:00.000000Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2021-09-14T00:00:00.000000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added solution for SINUMERIK MC and SINUMERIK ONE"
},
{
"date": "2025-05-06T06:00:00.000000Z",
"legacy_version": "Revision",
"number": "3",
"summary": "Revision - Fixing typos"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV6.15",
"product": {
"name": "SINUMERIK MC",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "SINUMERIK MC"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV6.15",
"product": {
"name": "SINUMERIK ONE",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "SINUMERIK ONE"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-15782",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "Affected devices are vulnerable to a memory protection bypass through a specific operation.\n\nA remote unauthenticated attacker with network access to port 102/tcp could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"summary": "CVE-2020-15782 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-15782.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V6.15 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Limit access to port 102/tcp to trusted users and systems only",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2020-15782"
}
]
}
ICSA-21-194-13
Vulnerability from csaf_cisa
Published
2021-07-13 00:00
Modified
2021-09-14 00:00
Summary
Siemens SINAMICS PERFECT HARMONY GH180 (Update A)
Notes
CISA Disclaimer
This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation
Successful exploitation of this vulnerability could result in arbitrary code execution and unauthorized access to sensitive data.
Critical infrastructure sectors
Critical Manufacturing, Energy
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.
Exploitability
No known public exploits specifically target this vulnerability.
{
"document": {
"acknowledgments": [
{
"organization": "Siemens",
"summary": "reporting this vulnerability to CISA"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of this vulnerability could result in arbitrary code execution and unauthorized access to sensitive data.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Critical Manufacturing, Energy",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "other",
"text": "No known public exploits specifically target this vulnerability.",
"title": "Exploitability"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-21-194-13 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-194-13.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-21-194-13 Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-194-13"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Siemens SINAMICS PERFECT HARMONY GH180 (Update A)",
"tracking": {
"current_release_date": "2021-09-14T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-21-194-13",
"initial_release_date": "2021-07-13T00:00:00.000000Z",
"revision_history": [
{
"date": "2021-07-13T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSA-21-194-13 Siemens SINAMICS PERFECT HARMONY GH180"
},
{
"date": "2021-09-14T00:00:00.000000Z",
"legacy_version": "A",
"number": "2",
"summary": "ICSA-21-194-13 Siemens SINAMICS PERFECT HARMONY GH180 (Update A)"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 2021-8-13",
"product": {
"name": "SINAMICS PERFECT HARMONY GH180 Drives: manufactured before 2021-8-13",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "SINAMICS PERFECT HARMONY GH180 Drives"
},
{
"branches": [
{
"category": "product_version",
"name": "W41 with X30 air - air hex",
"product": {
"name": "SINAMICS PERFECT HARMONY model 6SR4: with option W41 with X30 air to air hex",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "SINAMICS PERFECT HARMONY model 6SR4"
},
{
"branches": [
{
"category": "product_version",
"name": "A84 | A85 E06 W41 with X30 air - air hex",
"product": {
"name": "SINAMICS PERFECT HARMONY model 6SR5: with options A84 A85 E06 W41 with X30 air to air hex",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "SINAMICS PERFECT HARMONY model 6SR5"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-15782",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "A remote unauthenticated attacker with network access could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks. CVE-2020-15782 has been assigned to this vulnerability. A CVSS v3 base score of 8.1 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15782"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Siemens has identified the following specific mitigations and workarounds users can apply to reduce the risk:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "As a general security measure, Siemens strongly recommends users protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends users configure the environment according to Siemens operational guidelines for industrial security, and follow the recommendations in the product manual.\nAdditional information on industrial security by Siemens can be found at: https://www.siemens.com/industrialsecurity\nFor more information about this issue, please see Siemens security advisories SSA-434535 and SSA-434534.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-434534.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
}
]
}
]
}
icsa-21-152-01
Vulnerability from csaf_cisa
Published
2021-05-28 00:00
Modified
2025-05-06 06:00
Summary
Siemens SIMATIC S7-1200 and S7-1500 CPU Families (Update A)
Notes
Summary
SIMATIC S7-1200 and S7-1500 CPU products contain a memory protection bypass vulnerability that could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks.
Siemens has released updates for several affected products and strongly recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer
This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.
Critical infrastructure sectors
Multiple
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.
Recommended Practices
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
{
"document": {
"acknowledgments": [
{
"names": [
"Tal Keren"
],
"organization": "Claroty",
"summary": "coordinated disclosure"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"notes": [
{
"category": "summary",
"text": "SIMATIC S7-1200 and S7-1500 CPU products contain a memory protection bypass vulnerability that could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks.\n\nSiemens has released updates for several affected products and strongly recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "other",
"text": "This CISA CSAF advisory was converted from Siemens ProductCERT\u0027s CSAF advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Multiple",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-434534: Memory Protection Bypass Vulnerability in SIMATIC S7-1200 and S7-1500 CPU Families - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-434534.json"
},
{
"category": "self",
"summary": "SSA-434534: Memory Protection Bypass Vulnerability in SIMATIC S7-1200 and S7-1500 CPU Families - TXT Version",
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-434534.txt"
},
{
"category": "self",
"summary": "SSA-434534: Memory Protection Bypass Vulnerability in SIMATIC S7-1200 and S7-1500 CPU Families - PDF Version",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-434534.pdf"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-21-152-01 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-152-01.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-21-152-01 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-152-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Siemens SIMATIC S7-1200 and S7-1500 CPU Families (Update A)",
"tracking": {
"current_release_date": "2025-05-06T06:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-21-152-01",
"initial_release_date": "2021-05-28T00:00:00.000000Z",
"revision_history": [
{
"date": "2021-05-28T00:00:00.000000Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2021-09-14T00:00:00.000000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added solution for SIMATIC ET 200SP Open Controller CPU 1515SP PC2 and for SIMATIC S7-1500 Software Controller"
},
{
"date": "2025-05-06T06:00:00.000000Z",
"legacy_version": "Revision",
"number": "3",
"summary": "Revision - Fixing typos"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV2.9.2",
"product": {
"name": "SIMATIC Drive Controller family",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "SIMATIC Drive Controller family"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV21.9",
"product": {
"name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV4.5.0",
"product": {
"name": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV2.9.2",
"product": {
"name": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV21.9",
"product": {
"name": "SIMATIC S7-1500 Software Controller",
"product_id": "CSAFPID-0006"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 Software Controller"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV4.0",
"product": {
"name": "SIMATIC S7-PLCSIM Advanced",
"product_id": "CSAFPID-0007"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-PLCSIM Advanced"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-15782",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "Affected devices are vulnerable to a memory protection bypass through a specific operation.\n\nA remote unauthenticated attacker with network access to port 102/tcp could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
"references": [
{
"summary": "CVE-2020-15782 - SIMATIC Drive Controller family",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109773914/"
},
{
"summary": "CVE-2020-15782 - SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109759122/"
},
{
"summary": "CVE-2020-15782 - SIMATIC S7-1200 CPU family (incl. SIPLUS variants)",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109793280/"
},
{
"summary": "CVE-2020-15782 - SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
},
{
"summary": "CVE-2020-15782 - SIMATIC S7-1500 Software Controller",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478528/"
},
{
"summary": "CVE-2020-15782 - SIMATIC S7-PLCSIM Advanced",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109795016/"
},
{
"summary": "CVE-2020-15782 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-15782.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.9.2 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109773914/"
},
{
"category": "vendor_fix",
"details": "Update to V21.9 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109759122/"
},
{
"category": "none_available",
"details": "Currently no remediation is available",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Update to V4.5.0 or later version",
"product_ids": [
"CSAFPID-0004"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109793280/"
},
{
"category": "vendor_fix",
"details": "Update to V2.9.2 or later version",
"product_ids": [
"CSAFPID-0005"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
},
{
"category": "vendor_fix",
"details": "Update to V21.9 or later version",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478528/"
},
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0007"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109795016/"
},
{
"category": "mitigation",
"details": "Apply password protection for S7 communication",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "Disallow client connections via the ENDIS_PW instruction of the S7-1200 or S7-1500 CPU (This blocks remote client connections, even when the client can provide the correct password)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "Use the display to configure additional access protection of the S7-1500 CPU (This blocks remote client connections, even when the client can provide the correct password)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "Apply \"defense in depth\" as outlined on pages 12ff of the operational guidelines for Industrial Security, especially:\n\n- Plant security: Physical prevention of access to critical components\n- Network security: Ensure that PLC systems are not connected to untrusted networks\n\n* System integrity: Configure, maintain and protect your device by applying applicable compensating controls and using built-in security capabilities",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "Update your entire solution to TIA Portal V17 and use TLS communication using individual certificates between PLC, HMIs and PG/PC",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
}
],
"title": "CVE-2020-15782"
}
]
}
icsa-21-194-13
Vulnerability from csaf_cisa
Published
2021-07-13 00:00
Modified
2021-09-14 00:00
Summary
Siemens SINAMICS PERFECT HARMONY GH180 (Update A)
Notes
CISA Disclaimer
This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation
Successful exploitation of this vulnerability could result in arbitrary code execution and unauthorized access to sensitive data.
Critical infrastructure sectors
Critical Manufacturing, Energy
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.
Exploitability
No known public exploits specifically target this vulnerability.
{
"document": {
"acknowledgments": [
{
"organization": "Siemens",
"summary": "reporting this vulnerability to CISA"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of this vulnerability could result in arbitrary code execution and unauthorized access to sensitive data.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Critical Manufacturing, Energy",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "other",
"text": "No known public exploits specifically target this vulnerability.",
"title": "Exploitability"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-21-194-13 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-194-13.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-21-194-13 Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-194-13"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Siemens SINAMICS PERFECT HARMONY GH180 (Update A)",
"tracking": {
"current_release_date": "2021-09-14T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-21-194-13",
"initial_release_date": "2021-07-13T00:00:00.000000Z",
"revision_history": [
{
"date": "2021-07-13T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSA-21-194-13 Siemens SINAMICS PERFECT HARMONY GH180"
},
{
"date": "2021-09-14T00:00:00.000000Z",
"legacy_version": "A",
"number": "2",
"summary": "ICSA-21-194-13 Siemens SINAMICS PERFECT HARMONY GH180 (Update A)"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 2021-8-13",
"product": {
"name": "SINAMICS PERFECT HARMONY GH180 Drives: manufactured before 2021-8-13",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "SINAMICS PERFECT HARMONY GH180 Drives"
},
{
"branches": [
{
"category": "product_version",
"name": "W41 with X30 air - air hex",
"product": {
"name": "SINAMICS PERFECT HARMONY model 6SR4: with option W41 with X30 air to air hex",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "SINAMICS PERFECT HARMONY model 6SR4"
},
{
"branches": [
{
"category": "product_version",
"name": "A84 | A85 E06 W41 with X30 air - air hex",
"product": {
"name": "SINAMICS PERFECT HARMONY model 6SR5: with options A84 A85 E06 W41 with X30 air to air hex",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "SINAMICS PERFECT HARMONY model 6SR5"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-15782",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "A remote unauthenticated attacker with network access could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks. CVE-2020-15782 has been assigned to this vulnerability. A CVSS v3 base score of 8.1 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15782"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Siemens has identified the following specific mitigations and workarounds users can apply to reduce the risk:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "As a general security measure, Siemens strongly recommends users protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends users configure the environment according to Siemens operational guidelines for industrial security, and follow the recommendations in the product manual.\nAdditional information on industrial security by Siemens can be found at: https://www.siemens.com/industrialsecurity\nFor more information about this issue, please see Siemens security advisories SSA-434535 and SSA-434534.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-434534.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
}
]
}
]
}
icsa-25-182-01
Vulnerability from csaf_cisa
Published
2024-09-09 07:00
Modified
2024-09-09 07:00
Summary
FESTO Didactic CP, MPS 200, and MPS 400 Firmware
Notes
General recommendations
As part of a security strategy, Festo recommends the following general defense measures to reduce the risk of exploits:
- Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
- Use firewalls to protect and separate the control system network from other networks.
- Use VPN (Virtual Private Networks) tunnels if remote access is required.
- Activate and apply user management and password features.
- Use encrypted communication links.
- Limit the access to both development and control system by physical means, operating system features, etc.
- Protect both development and control systems by using up-to-date virus detection solutions.
Festo strongly recommends minimizing and protecting network access to connected devices with state-of-the-art techniques and processes.
To ensure secure operation follow the recommendations in the product manuals.
Summary
Siemens SIMATIC S7-1200 and S7-1500 CPUs contained in various Festo Didactic products contain a memory protection bypass vulnerability that could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks
Disclaimer
Festo assumes no liability whatsoever for indirect, collateral, accidental or consequential losses that occur by the distribution and/or use of this document or any losses in connection with the distribution and/or use of this document. All information published in this document is provided free of charge and on good faith by Festo. Insofar as permissible by law, however, none of this information shall establish any warranty, guarantee, commitment or liability on the part of Festo. Note: In no case does these information release the operator or responsible person from the obligation to check the effect on his system or installation before using the information and, in the event of negative consequences, not to use the information.
In addition, the actual general terms and conditions of Festo for delivery, payment and software use shall apply, available under http://www.festo.com.
Impact
Siemens SIMATIC S7-1200 and S7-1500 CPUs have a memory protection bypass vulnerability allowing attackers to write or read data in protected memory, potentially enabling further attacks.
Remediation
Update Siemens Simatic S7-1500 / ET200SP Firmware to V2.9.2 or higher
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer
This ICSA is a verbatim republication of Festo SE & Co. KG FSA-202405 from a direct conversion of their vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Festo SE & Co. KG directly for any questions regarding this advisory.
Critical infrastructure sectors
Critical manufacturing
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.
Recommended Practices
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://cert.vde.com/"
]
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "general",
"text": "As part of a security strategy, Festo recommends the following general defense measures to reduce the risk of exploits: \n- Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.\n- Use firewalls to protect and separate the control system network from other networks.\n- Use VPN (Virtual Private Networks) tunnels if remote access is required.\n- Activate and apply user management and password features.\n- Use encrypted communication links.\n- Limit the access to both development and control system by physical means, operating system features, etc. \n- Protect both development and control systems by using up-to-date virus detection solutions.\n\nFesto strongly recommends minimizing and protecting network access to connected devices with state-of-the-art techniques and processes. \nTo ensure secure operation follow the recommendations in the product manuals.",
"title": "General recommendations"
},
{
"category": "summary",
"text": "Siemens SIMATIC S7-1200 and S7-1500 CPUs contained in various Festo Didactic products contain a memory protection bypass vulnerability that could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks",
"title": "Summary"
},
{
"category": "legal_disclaimer",
"text": "Festo assumes no liability whatsoever for indirect, collateral, accidental or consequential losses that occur by the distribution and/or use of this document or any losses in connection with the distribution and/or use of this document. All information published in this document is provided free of charge and on good faith by Festo. Insofar as permissible by law, however, none of this information shall establish any warranty, guarantee, commitment or liability on the part of Festo. Note: In no case does these information release the operator or responsible person from the obligation to check the effect on his system or installation before using the information and, in the event of negative consequences, not to use the information.\n\n\nIn addition, the actual general terms and conditions of Festo for delivery, payment and software use shall apply, available under http://www.festo.com.",
"title": "Disclaimer"
},
{
"category": "description",
"text": "Siemens SIMATIC S7-1200 and S7-1500 CPUs have a memory protection bypass vulnerability allowing attackers to write or read data in protected memory, potentially enabling further attacks.",
"title": "Impact"
},
{
"category": "description",
"text": "Update Siemens Simatic S7-1500 / ET200SP Firmware to V2.9.2 or higher ",
"title": "Remediation"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "other",
"text": "This ICSA is a verbatim republication of Festo SE \u0026 Co. KG FSA-202405 from a direct conversion of their vendor\u0027s Common Security Advisory Framework (CSAF) advisory. This is republished to CISA\u0027s website as a means of increasing visibility and is provided \"as-is\" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Festo SE \u0026 Co. KG directly for any questions regarding this advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Critical manufacturing",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-25-182-01 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2025/icsa-25-182-01.json"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for Festo",
"url": "https://cert.vde.com/en/advisories/vendor/festo/"
},
{
"category": "external",
"summary": "Link to CVE",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15782"
},
{
"category": "self",
"summary": "VDE-2024-055: Festo: Siemens S7-1500/ET200SP CPU used in Festo Didactic products contains a memory protection bypass vulnerability",
"url": "https://cert.vde.com/en/advisories/VDE-2024-055"
},
{
"category": "external",
"summary": "For further security-related issues in Festo products please contact the Festo Product Security Incident Response Team (PSIRT)",
"url": "https://festo.com/psirt"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-25-182-01 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-182-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "FESTO Didactic CP, MPS 200, and MPS 400 Firmware",
"tracking": {
"aliases": [
"VDE-2024-055"
],
"current_release_date": "2024-09-09T07:00:00.000000Z",
"generator": {
"date": "2025-07-01T15:37:42.858302Z",
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-25-182-01",
"initial_release_date": "2024-09-09T07:00:00.000000Z",
"revision_history": [
{
"date": "2024-09-09T07:00:00.000000Z",
"number": "1.0.0",
"summary": "Initial version"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "CP including S7 PLC",
"product": {
"name": "FESTO Didactic CP including S7 PLC",
"product_id": "CSAFPID-0001"
}
},
{
"category": "product_name",
"name": "MPS 200 Systems",
"product": {
"name": "FESTO Didactic MPS 200 Systems",
"product_id": "CSAFPID-0002"
}
},
{
"category": "product_name",
"name": "MPS 400 Systems",
"product": {
"name": "FESTO Didactic MPS 400 Systems",
"product_id": "CSAFPID-0003"
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV2.9.2",
"product": {
"name": "Siemens Simatic S7-1500 / ET200SP \u003c V2.9.2",
"product_id": "CSAFPID-0004"
}
},
{
"category": "product_version_range",
"name": "V2.9.2",
"product": {
"name": "Siemens Simatic S7-1500 / ET200SP V2.9.2",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_family",
"name": "Firmware Siemens Simatic S7-1500 / ET200SP"
}
],
"category": "vendor",
"name": "FESTO Didactic"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"summary": "Affected products."
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011"
],
"summary": "Fixed products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Siemens Simatic S7-1500 / ET200SP \u003c V2.9.2 installed on FESTO Didactic CP including S7 PLC",
"product_id": "CSAFPID-0006"
},
"product_reference": "CSAFPID-0004",
"relates_to_product_reference": "CSAFPID-0001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Siemens Simatic S7-1500 / ET200SP \u003c V2.9.2 installed on FESTO Didactic MPS 200 Systems",
"product_id": "CSAFPID-0007"
},
"product_reference": "CSAFPID-0004",
"relates_to_product_reference": "CSAFPID-0002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Siemens Simatic S7-1500 / ET200SP \u003c V2.9.2 installed on FESTO Didactic MPS 400 Systems",
"product_id": "CSAFPID-0008"
},
"product_reference": "CSAFPID-0004",
"relates_to_product_reference": "CSAFPID-0003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Siemens Simatic S7-1500 / ET200SP V2.9.2 installed on FESTO Didactic CP including S7 PLC",
"product_id": "CSAFPID-0009"
},
"product_reference": "CSAFPID-0005",
"relates_to_product_reference": "CSAFPID-0001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Siemens Simatic S7-1500 / ET200SP V2.9.2 installed on FESTO Didactic MPS 200 Systems",
"product_id": "CSAFPID-0010"
},
"product_reference": "CSAFPID-0005",
"relates_to_product_reference": "CSAFPID-0002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Siemens Simatic S7-1500 / ET200SP V2.9.2 installed on FESTO Didactic MPS 400 Systems",
"product_id": "CSAFPID-0011"
},
"product_reference": "CSAFPID-0005",
"relates_to_product_reference": "CSAFPID-0003"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-15782",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "SIMATIC S7-1200 and S7-1500 CPU products contain a memory protection bypass vulnerability that could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks. \nSiemens has released updates for several affected products and strongly recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011"
],
"known_affected": [
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "Vendor advisory (SSA-434534)",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-434534.pdf"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-07T10:00:00.000000Z",
"details": "Update Siemens Simatic S7-1500 / ET200SP Firmware to V2.9.2 or higher ",
"group_ids": [
"CSAFGID-0001"
],
"product_ids": [
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://support.industry.siemens.com/cs/de/en/view/109478459"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"availabilityRequirement": "LOW",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "LOW",
"environmentalScore": 8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"integrityRequirement": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/CR:L/IR:L/AR:L",
"version": "3.1"
},
"products": [
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
],
"title": "CVE-2020-15782"
}
]
}
ICSA-21-152-01
Vulnerability from csaf_cisa
Published
2021-05-28 00:00
Modified
2025-05-06 06:00
Summary
Siemens SIMATIC S7-1200 and S7-1500 CPU Families (Update A)
Notes
Summary
SIMATIC S7-1200 and S7-1500 CPU products contain a memory protection bypass vulnerability that could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks.
Siemens has released updates for several affected products and strongly recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer
This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.
Critical infrastructure sectors
Multiple
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.
Recommended Practices
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
{
"document": {
"acknowledgments": [
{
"names": [
"Tal Keren"
],
"organization": "Claroty",
"summary": "coordinated disclosure"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"notes": [
{
"category": "summary",
"text": "SIMATIC S7-1200 and S7-1500 CPU products contain a memory protection bypass vulnerability that could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks.\n\nSiemens has released updates for several affected products and strongly recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "other",
"text": "This CISA CSAF advisory was converted from Siemens ProductCERT\u0027s CSAF advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Multiple",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-434534: Memory Protection Bypass Vulnerability in SIMATIC S7-1200 and S7-1500 CPU Families - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-434534.json"
},
{
"category": "self",
"summary": "SSA-434534: Memory Protection Bypass Vulnerability in SIMATIC S7-1200 and S7-1500 CPU Families - TXT Version",
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-434534.txt"
},
{
"category": "self",
"summary": "SSA-434534: Memory Protection Bypass Vulnerability in SIMATIC S7-1200 and S7-1500 CPU Families - PDF Version",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-434534.pdf"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-21-152-01 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-152-01.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-21-152-01 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-152-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Siemens SIMATIC S7-1200 and S7-1500 CPU Families (Update A)",
"tracking": {
"current_release_date": "2025-05-06T06:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-21-152-01",
"initial_release_date": "2021-05-28T00:00:00.000000Z",
"revision_history": [
{
"date": "2021-05-28T00:00:00.000000Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2021-09-14T00:00:00.000000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added solution for SIMATIC ET 200SP Open Controller CPU 1515SP PC2 and for SIMATIC S7-1500 Software Controller"
},
{
"date": "2025-05-06T06:00:00.000000Z",
"legacy_version": "Revision",
"number": "3",
"summary": "Revision - Fixing typos"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV2.9.2",
"product": {
"name": "SIMATIC Drive Controller family",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "SIMATIC Drive Controller family"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV21.9",
"product": {
"name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV4.5.0",
"product": {
"name": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV2.9.2",
"product": {
"name": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV21.9",
"product": {
"name": "SIMATIC S7-1500 Software Controller",
"product_id": "CSAFPID-0006"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 Software Controller"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV4.0",
"product": {
"name": "SIMATIC S7-PLCSIM Advanced",
"product_id": "CSAFPID-0007"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-PLCSIM Advanced"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-15782",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "Affected devices are vulnerable to a memory protection bypass through a specific operation.\n\nA remote unauthenticated attacker with network access to port 102/tcp could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
"references": [
{
"summary": "CVE-2020-15782 - SIMATIC Drive Controller family",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109773914/"
},
{
"summary": "CVE-2020-15782 - SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109759122/"
},
{
"summary": "CVE-2020-15782 - SIMATIC S7-1200 CPU family (incl. SIPLUS variants)",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109793280/"
},
{
"summary": "CVE-2020-15782 - SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
},
{
"summary": "CVE-2020-15782 - SIMATIC S7-1500 Software Controller",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478528/"
},
{
"summary": "CVE-2020-15782 - SIMATIC S7-PLCSIM Advanced",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109795016/"
},
{
"summary": "CVE-2020-15782 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-15782.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.9.2 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109773914/"
},
{
"category": "vendor_fix",
"details": "Update to V21.9 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109759122/"
},
{
"category": "none_available",
"details": "Currently no remediation is available",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Update to V4.5.0 or later version",
"product_ids": [
"CSAFPID-0004"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109793280/"
},
{
"category": "vendor_fix",
"details": "Update to V2.9.2 or later version",
"product_ids": [
"CSAFPID-0005"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
},
{
"category": "vendor_fix",
"details": "Update to V21.9 or later version",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478528/"
},
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0007"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109795016/"
},
{
"category": "mitigation",
"details": "Apply password protection for S7 communication",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "Disallow client connections via the ENDIS_PW instruction of the S7-1200 or S7-1500 CPU (This blocks remote client connections, even when the client can provide the correct password)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "Use the display to configure additional access protection of the S7-1500 CPU (This blocks remote client connections, even when the client can provide the correct password)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "Apply \"defense in depth\" as outlined on pages 12ff of the operational guidelines for Industrial Security, especially:\n\n- Plant security: Physical prevention of access to critical components\n- Network security: Ensure that PLC systems are not connected to untrusted networks\n\n* System integrity: Configure, maintain and protect your device by applying applicable compensating controls and using built-in security capabilities",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "Update your entire solution to TIA Portal V17 and use TLS communication using individual certificates between PLC, HMIs and PG/PC",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
}
],
"title": "CVE-2020-15782"
}
]
}
icsa-21-194-17
Vulnerability from csaf_cisa
Published
2021-07-13 00:00
Modified
2025-05-06 06:00
Summary
Siemens SINUMERIK ONE and SINUMERIK MC (Update A)
Notes
Summary
SINUMERIK ONE and SINUMERIK MC products are affected by a memory protection bypass vulnerability in the integrated S7-1500 CPU that could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks on the CPU.
Siemens has released updates for the affected products and recommends that customers update to the new version.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer
This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.
Critical infrastructure sectors
Multiple
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.
Recommended Practices
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
{
"document": {
"acknowledgments": [
{
"organization": "Siemens ProductCERT",
"summary": "reporting this vulnerability to CISA."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"notes": [
{
"category": "summary",
"text": "SINUMERIK ONE and SINUMERIK MC products are affected by a memory protection bypass vulnerability in the integrated S7-1500 CPU that could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks on the CPU.\n\nSiemens has released updates for the affected products and recommends that customers update to the new version.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "other",
"text": "This CISA CSAF advisory was converted from Siemens ProductCERT\u0027s CSAF advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Multiple",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-434536: Memory Protection Bypass Vulnerability in SINUMERIK ONE and SINUMERIK MC - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-434536.json"
},
{
"category": "self",
"summary": "SSA-434536: Memory Protection Bypass Vulnerability in SINUMERIK ONE and SINUMERIK MC - TXT Version",
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-434536.txt"
},
{
"category": "self",
"summary": "SSA-434536: Memory Protection Bypass Vulnerability in SINUMERIK ONE and SINUMERIK MC - PDF Version",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-434536.pdf"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-21-194-17 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-194-17.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-21-194-17 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-194-17"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Siemens SINUMERIK ONE and SINUMERIK MC (Update A)",
"tracking": {
"current_release_date": "2025-05-06T06:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-21-194-17",
"initial_release_date": "2021-07-13T00:00:00.000000Z",
"revision_history": [
{
"date": "2021-07-13T00:00:00.000000Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2021-09-14T00:00:00.000000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added solution for SINUMERIK MC and SINUMERIK ONE"
},
{
"date": "2025-05-06T06:00:00.000000Z",
"legacy_version": "Revision",
"number": "3",
"summary": "Revision - Fixing typos"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV6.15",
"product": {
"name": "SINUMERIK MC",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "SINUMERIK MC"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV6.15",
"product": {
"name": "SINUMERIK ONE",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "SINUMERIK ONE"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-15782",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "Affected devices are vulnerable to a memory protection bypass through a specific operation.\n\nA remote unauthenticated attacker with network access to port 102/tcp could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"summary": "CVE-2020-15782 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-15782.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V6.15 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Limit access to port 102/tcp to trusted users and systems only",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2020-15782"
}
]
}
var-202105-0073
Vulnerability from variot
A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions < V21.9), SIMATIC S7-PLCSIM Advanced (All versions < V4.0), SINAMICS PERFECT HARMONY GH180 Drives (Drives manufactured before 2021-08-13), SINUMERIK MC (All versions < V6.15), SINUMERIK ONE (All versions < V6.15). Affected devices are vulnerable to a memory protection bypass through a specific operation. A remote unauthenticated attacker with network access to port 102/tcp could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks. Multiple Siemens products contain buffer error vulnerabilities.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Siemens SIMATIC S7-1200 and S7-1500 CPU series products are designed for discrete and continuous control in industrial environments, such as global manufacturing, food and beverage, and chemical industries.
The Siemens SIMATIC S7-1200 and S7-1500 CPU series have security vulnerabilities. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202105-0073",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "s7-1200 cpu",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.5.0"
},
{
"model": "simatic s7-1500 software controller",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "s7-1500 cpu",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.9.2"
},
{
"model": "simatic s7-plcsim advanced",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.0"
},
{
"model": "simatic driver controller",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.9.2"
},
{
"model": "et 200sp open controller",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic s7-1500 cpu",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic s7-1500 software controller",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic s7-plcsim advanced",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic et 200sp open controller",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic s7-1200 cpu",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic driver controller",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic drive controller family",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.9.2"
},
{
"model": "simatic s7-1500 software controller",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic s7-plcsim advanced",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic s7-1500 cpu family",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.9.2"
},
{
"model": "simatic s7-1200 cpu family",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.5.0"
},
{
"model": "simatic et 200sp open controller cpu 1515sp pc",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic et 200sp open controller cpu 1515sp pc2",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-37944"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007649"
},
{
"db": "NVD",
"id": "CVE-2020-15782"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tal Keren from Claroty reported this vulnerability to Siemens.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-1957"
}
],
"trust": 0.6
},
"cve": "CVE-2020-15782",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-15782",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CNVD-2021-37944",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-15782",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-15782",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-15782",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2020-15782",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2021-37944",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202105-1957",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2020-15782",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-37944"
},
{
"db": "VULMON",
"id": "CVE-2020-15782"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007649"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1957"
},
{
"db": "NVD",
"id": "CVE-2020-15782"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in SIMATIC Drive Controller family (All versions \u003c V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions \u003c V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions \u003c V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions \u003c V2.9.2), SIMATIC S7-1500 Software Controller (All versions \u003c V21.9), SIMATIC S7-PLCSIM Advanced (All versions \u003c V4.0), SINAMICS PERFECT HARMONY GH180 Drives (Drives manufactured before 2021-08-13), SINUMERIK MC (All versions \u003c V6.15), SINUMERIK ONE (All versions \u003c V6.15). Affected devices are vulnerable to a memory protection bypass through a specific operation. A remote unauthenticated attacker with network access to port 102/tcp could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks. Multiple Siemens products contain buffer error vulnerabilities.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Siemens SIMATIC S7-1200 and S7-1500 CPU series products are designed for discrete and continuous control in industrial environments, such as global manufacturing, food and beverage, and chemical industries. \n\r\n\r\nThe Siemens SIMATIC S7-1200 and S7-1500 CPU series have security vulnerabilities. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-15782"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007649"
},
{
"db": "CNVD",
"id": "CNVD-2021-37944"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2020-15782"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-15782",
"trust": 3.9
},
{
"db": "SIEMENS",
"id": "SSA-434534",
"trust": 2.3
},
{
"db": "SIEMENS",
"id": "SSA-434535",
"trust": 1.7
},
{
"db": "SIEMENS",
"id": "SSA-434536",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007649",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-37944",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-21-152-01",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-21-194-17",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021071418",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021053102",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1900",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1957",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-15782",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-37944"
},
{
"db": "VULMON",
"id": "CVE-2020-15782"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007649"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1957"
},
{
"db": "NVD",
"id": "CVE-2020-15782"
}
]
},
"id": "VAR-202105-0073",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-37944"
}
],
"trust": 1.3643837300000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-37944"
}
]
},
"last_update_date": "2024-08-14T12:10:27.092000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-434536",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-434534.pdf"
},
{
"title": "Patch for Siemens SIMATIC S7-1200 and S7-1500 CPU series memory protection bypass vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/269101"
},
{
"title": "Siemens SIMATIC Repair measures for buffer errors and vulnerabilities in many products",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=153864"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=7584f4eb43b539d25d824fb015a2cf5a"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=a901d703a0d80e4b3488817a077f83d4"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=616f1ddfa275fcc72669b5a7b8153f51"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-37944"
},
{
"db": "VULMON",
"id": "CVE-2020-15782"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007649"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1957"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.0
},
{
"problemtype": "Buffer error (CWE-119) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007649"
},
{
"db": "NVD",
"id": "CVE-2020-15782"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-434534.pdf"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-434536.pdf"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-434535.pdf"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15782"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-152-01"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021071418"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021053102"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-17"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/simatic-read-write-access-via-memory-protection-bypass-35564"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1900"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-434534.txt"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-37944"
},
{
"db": "VULMON",
"id": "CVE-2020-15782"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007649"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1957"
},
{
"db": "NVD",
"id": "CVE-2020-15782"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-37944"
},
{
"db": "VULMON",
"id": "CVE-2020-15782"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007649"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1957"
},
{
"db": "NVD",
"id": "CVE-2020-15782"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-37944"
},
{
"date": "2021-05-28T00:00:00",
"db": "VULMON",
"id": "CVE-2020-15782"
},
{
"date": "2022-02-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-007649"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-05-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-1957"
},
{
"date": "2021-05-28T16:15:07.790000",
"db": "NVD",
"id": "CVE-2020-15782"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-37944"
},
{
"date": "2021-07-13T00:00:00",
"db": "VULMON",
"id": "CVE-2020-15782"
},
{
"date": "2022-02-18T09:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-007649"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-09-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-1957"
},
{
"date": "2021-09-14T11:15:16.220000",
"db": "NVD",
"id": "CVE-2020-15782"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-1957"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer error vulnerabilities in multiple Siemens products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007649"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
gsd-2020-15782
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions < V21.9), SIMATIC S7-PLCSIM Advanced (All versions < V4.0), SINAMICS PERFECT HARMONY GH180 Drives (Drives manufactured before 2021-08-13), SINUMERIK MC (All versions < V6.15), SINUMERIK ONE (All versions < V6.15). Affected devices are vulnerable to a memory protection bypass through a specific operation. A remote unauthenticated attacker with network access to port 102/tcp could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-15782",
"description": "A vulnerability has been identified in SIMATIC Drive Controller family (All versions \u003c V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions \u003c V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions \u003c V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions \u003c V2.9.2), SIMATIC S7-1500 Software Controller (All versions \u003c V21.9), SIMATIC S7-PLCSIM Advanced (All versions \u003c V4.0), SINAMICS PERFECT HARMONY GH180 Drives (Drives manufactured before 2021-08-13), SINUMERIK MC (All versions \u003c V6.15), SINUMERIK ONE (All versions \u003c V6.15). Affected devices are vulnerable to a memory protection bypass through a specific operation. A remote unauthenticated attacker with network access to port 102/tcp could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks.",
"id": "GSD-2020-15782"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-15782"
],
"details": "A vulnerability has been identified in SIMATIC Drive Controller family (All versions \u003c V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions \u003c V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions \u003c V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions \u003c V2.9.2), SIMATIC S7-1500 Software Controller (All versions \u003c V21.9), SIMATIC S7-PLCSIM Advanced (All versions \u003c V4.0), SINAMICS PERFECT HARMONY GH180 Drives (Drives manufactured before 2021-08-13), SINUMERIK MC (All versions \u003c V6.15), SINUMERIK ONE (All versions \u003c V6.15). Affected devices are vulnerable to a memory protection bypass through a specific operation. A remote unauthenticated attacker with network access to port 102/tcp could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks.",
"id": "GSD-2020-15782",
"modified": "2023-12-13T01:21:43.830984Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2020-15782",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SIMATIC Drive Controller family",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V2.9.2"
}
]
}
},
{
"product_name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V21.9"
}
]
}
},
{
"product_name": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.5.0"
}
]
}
},
{
"product_name": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V2.9.2"
}
]
}
},
{
"product_name": "SIMATIC S7-1500 Software Controller",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V21.9"
}
]
}
},
{
"product_name": "SIMATIC S7-PLCSIM Advanced",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.0"
}
]
}
},
{
"product_name": "SINAMICS PERFECT HARMONY GH180 Drives",
"version": {
"version_data": [
{
"version_value": "Drives manufactured before 2021-08-13"
}
]
}
},
{
"product_name": "SINUMERIK MC",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V6.15"
}
]
}
},
{
"product_name": "SINUMERIK ONE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V6.15"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC Drive Controller family (All versions \u003c V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions \u003c V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions \u003c V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions \u003c V2.9.2), SIMATIC S7-1500 Software Controller (All versions \u003c V21.9), SIMATIC S7-PLCSIM Advanced (All versions \u003c V4.0), SINAMICS PERFECT HARMONY GH180 Drives (Drives manufactured before 2021-08-13), SINUMERIK MC (All versions \u003c V6.15), SINUMERIK ONE (All versions \u003c V6.15). Affected devices are vulnerable to a memory protection bypass through a specific operation. A remote unauthenticated attacker with network access to port 102/tcp could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-434534.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-434534.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-434536.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-434536.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-434535.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-434535.pdf"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_driver_controller_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.9.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:cpu_1507d_tf:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:cpu_1504d_tf:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:s7-1200_cpu_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.5.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:cpu_1217c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:cpu_1215fc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:cpu_1215c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:cpu_1214fc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:cpu_1214c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:cpu_1212fc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:cpu_1212c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:cpu_1211c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:s7-1500_cpu_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.9.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:6es7512-1ck01-0ab0:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:6es7512-1dk01-0ab0:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:6es7512-1sk01-0ab0:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:6es7513-1al01-0ab0:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:6es7513-1al02-0ab0:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:6es7513-1fl01-0ab0:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:6es7513-1fl02-0ab0:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:6es7513-1rl00-0ab0:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:6es7513-2gl00-0ab0:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:6es7513-2pl00-0ab0:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:6es7515-2am01-0ab0:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:6es7515-2am02-0ab0:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:6es7515-2fm01-0ab0:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:6es7515-2fm02-0ab0:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:6es7515-2rm00-0ab0:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:6es7515-2tm01-0ab0:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:6es7515-2um01-0ab0:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:6es7516-2gn00-0ab0:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:6es7516-2pn00-0ab0:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:6es7516-3an01-0ab0:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:6es7516-3an02-0ab0:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:6es7516-3fn01-0ab0:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:6es7516-3fn02-0ab0:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:6es7516-3tn00-0ab0:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:6es7516-3un00-0ab0:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:6es7517-3ap00-0ab0:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:6es7517-3fp00-0ab0:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:6es7517-3hp00-0ab0:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:6es7517-3tp00-0ab0:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:6es7517-3up00-0ab0:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:6es7518-4ap00-0ab0:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:6es7518-4ap00-3ab0:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:6es7518-4fp00-0ab0:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:6es7512-1ck00-0ab0:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:6es7511-1uk01-0ab0:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:6es7511-1tk01-0ab0:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:6es7511-1fk02-0ab0:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:6es7511-1fk01-0ab0:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:6es7511-1ck01-0ab0:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:6es7511-1ck00-0ab0:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:6es7511-1ak02-0ab0:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:6es7511-1ak01-0ab0:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:6es7510-1sj01-0ab0:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:6es7510-1dj01-0ab0:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:6es7518-4fp00-3ab0:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_s7-1500__software_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_s7-plcsim_advanced:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:et_200sp_open_controller_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:cpu_1515sp_pc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:cpu_1515sp_pc2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2020-15782"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC Drive Controller family (All versions \u003c V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions \u003c V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions \u003c V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions \u003c V2.9.2), SIMATIC S7-1500 Software Controller (All versions \u003c V21.9), SIMATIC S7-PLCSIM Advanced (All versions \u003c V4.0), SINAMICS PERFECT HARMONY GH180 Drives (Drives manufactured before 2021-08-13), SINUMERIK MC (All versions \u003c V6.15), SINUMERIK ONE (All versions \u003c V6.15). Affected devices are vulnerable to a memory protection bypass through a specific operation. A remote unauthenticated attacker with network access to port 102/tcp could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "N/A",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-434534.pdf"
},
{
"name": "N/A",
"refsource": "CONFIRM",
"tags": [],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-434536.pdf"
},
{
"name": "N/A",
"refsource": "CONFIRM",
"tags": [],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-434535.pdf"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
},
"lastModifiedDate": "2021-09-14T11:15Z",
"publishedDate": "2021-05-28T16:15Z"
}
}
}
ghsa-jx94-83cv-56j7
Vulnerability from github
Published
2022-05-24 19:03
Modified
2022-05-24 19:03
VLAI Severity ?
Details
A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions < V4.0). Affected devices are vulnerable to a memory protection bypass through a specific operation. A remote unauthenticated attacker with network access to port 102/tcp could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks.
{
"affected": [],
"aliases": [
"CVE-2020-15782"
],
"database_specific": {
"cwe_ids": [
"CWE-119"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-05-28T16:15:00Z",
"severity": "CRITICAL"
},
"details": "A vulnerability has been identified in SIMATIC Drive Controller family (All versions \u003c V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions \u003c V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions \u003c V2.9.2), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions \u003c V4.0). Affected devices are vulnerable to a memory protection bypass through a specific operation. A remote unauthenticated attacker with network access to port 102/tcp could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks.",
"id": "GHSA-jx94-83cv-56j7",
"modified": "2022-05-24T19:03:37Z",
"published": "2022-05-24T19:03:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15782"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-434534.pdf"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-434535.pdf"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-434536.pdf"
}
],
"schema_version": "1.4.0",
"severity": []
}
CERTFR-2021-AVI-518
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | SIMIT Simulation Platform toutes les versions | ||
| Siemens | N/A | JT Utilities toutes les versions antérieures à 13.0.2.0 | ||
| Siemens | N/A | SICAM 230 toutes les versions | ||
| Siemens | N/A | Development/Evaluation Kits for PROFINET IO:DK Standard Ethernet Controller, EK-ERTEC 200 ET EK-ERTEC 200P toutes les versions | ||
| Siemens | N/A | TIM 1531 IRC (incl. SIPLUS NET variants) toutes les versions antérieures à 2.2 | ||
| Siemens | N/A | SINEC INS toutes les versions | ||
| Siemens | N/A | Les produits Teamcenter, pour plus d'informations veuillez-vous référer aux avis éditeurs | ||
| Siemens | N/A | Les produits SINAMICS, pour plus d'informations veuillez-vous référer aux avis éditeurs | ||
| Siemens | N/A | SIMOCODE proV PROFINET toutes les versions antérieures à 2.1.3 | ||
| Siemens | N/A | SOFTNET-IE PNIO toutes les versions | ||
| Siemens | N/A | PSS CAPE Protection Simulation Platform:CAPE 14 installé avant le 16 juin | ||
| Siemens | N/A | SINEMA Server V14.0.2.x | ||
| Siemens | N/A | Les produits SINUMERIK, pour plus d'informations veuillez-vous référer aux avis éditeurs | ||
| Siemens | N/A | JT2Go toutes les versions antérieures à 13.2 | ||
| Siemens | N/A | Les produits Mendix, pour plus d'informations veuillez-vous référer aux avis éditeurs | ||
| Siemens | N/A | SIMOCODE proV Ethernet/IP toutes les versions antérieures à 1.1.3 | ||
| Siemens | N/A | SINEC NMS:V1.0 SP1, V1.0 SP1 antérieures à version V1.0 SP2 | ||
| Siemens | N/A | Les produits SCALANCE, pour plus d'informations veuillez-vous référer aux avis éditeurs | ||
| Siemens | N/A | TIA Administrator toutes les versions | ||
| Siemens | N/A | RWG1.M12D toutes les versions | ||
| Siemens | N/A | Solid Edge SE2021 toutes les versions antérieures à SE2021MP5 | ||
| Siemens | N/A | RWG1.M12 toutes les versions | ||
| Siemens | N/A | Les produits SIMATIC, pour plus d'informations veuillez-vous référer aux avis éditeurs | ||
| Siemens | N/A | RWG1.M8 toutes les versions | ||
| Siemens | N/A | Les produits RUGGEDCOM, pour plus d'informations veuillez-vous référer aux avis éditeurs | ||
| Siemens | N/A | SINEC PNI toutes les versions | ||
| Siemens | N/A | SINEMA Remote Connect Server toutes les versions |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SIMIT Simulation Platform toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "JT Utilities toutes les versions ant\u00e9rieures \u00e0 13.0.2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SICAM 230 toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Development/Evaluation Kits for PROFINET IO:DK Standard Ethernet Controller, EK-ERTEC 200 ET EK-ERTEC 200P toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIM 1531 IRC (incl. SIPLUS NET variants) toutes les versions ant\u00e9rieures \u00e0 2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEC INS toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Les produits Teamcenter, pour plus d\u0027informations veuillez-vous r\u00e9f\u00e9rer aux avis \u00e9diteurs",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Les produits SINAMICS, pour plus d\u0027informations veuillez-vous r\u00e9f\u00e9rer aux avis \u00e9diteurs",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMOCODE proV PROFINET toutes les versions ant\u00e9rieures \u00e0 2.1.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SOFTNET-IE PNIO toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "PSS CAPE Protection Simulation Platform:CAPE 14 install\u00e9 avant le 16 juin",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEMA Server V14.0.2.x",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Les produits SINUMERIK, pour plus d\u0027informations veuillez-vous r\u00e9f\u00e9rer aux avis \u00e9diteurs",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "JT2Go toutes les versions ant\u00e9rieures \u00e0 13.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Les produits Mendix, pour plus d\u0027informations veuillez-vous r\u00e9f\u00e9rer aux avis \u00e9diteurs",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMOCODE proV Ethernet/IP toutes les versions ant\u00e9rieures \u00e0 1.1.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEC NMS:V1.0 SP1, V1.0 SP1 ant\u00e9rieures \u00e0 version V1.0 SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Les produits SCALANCE, pour plus d\u0027informations veuillez-vous r\u00e9f\u00e9rer aux avis \u00e9diteurs",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Administrator toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RWG1.M12D toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Solid Edge SE2021 toutes les versions ant\u00e9rieures \u00e0 SE2021MP5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RWG1.M12 toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Les produits SIMATIC, pour plus d\u0027informations veuillez-vous r\u00e9f\u00e9rer aux avis \u00e9diteurs",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RWG1.M8 toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Les produits RUGGEDCOM, pour plus d\u0027informations veuillez-vous r\u00e9f\u00e9rer aux avis \u00e9diteurs",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEC PNI toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEMA Remote Connect Server toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-34320",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34320"
},
{
"name": "CVE-2021-34300",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34300"
},
{
"name": "CVE-2015-8011",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8011"
},
{
"name": "CVE-2021-34331",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34331"
},
{
"name": "CVE-2021-34297",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34297"
},
{
"name": "CVE-2021-31893",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31893"
},
{
"name": "CVE-2021-34324",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34324"
},
{
"name": "CVE-2021-34316",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34316"
},
{
"name": "CVE-2021-34292",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34292"
},
{
"name": "CVE-2021-33713",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33713"
},
{
"name": "CVE-2021-31892",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31892"
},
{
"name": "CVE-2021-34307",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34307"
},
{
"name": "CVE-2021-34310",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34310"
},
{
"name": "CVE-2021-34299",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34299"
},
{
"name": "CVE-2021-33715",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33715"
},
{
"name": "CVE-2021-34293",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34293"
},
{
"name": "CVE-2021-34302",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34302"
},
{
"name": "CVE-2021-34309",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34309"
},
{
"name": "CVE-2021-34301",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34301"
},
{
"name": "CVE-2021-34305",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34305"
},
{
"name": "CVE-2021-34313",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34313"
},
{
"name": "CVE-2021-33718",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33718"
},
{
"name": "CVE-2021-25671",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25671"
},
{
"name": "CVE-2021-29998",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29998"
},
{
"name": "CVE-2021-34330",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34330"
},
{
"name": "CVE-2021-34319",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34319"
},
{
"name": "CVE-2021-3449",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3449"
},
{
"name": "CVE-2021-31895",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31895"
},
{
"name": "CVE-2020-15782",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15782"
},
{
"name": "CVE-2021-34333",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34333"
},
{
"name": "CVE-2021-34308",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34308"
},
{
"name": "CVE-2021-34317",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34317"
},
{
"name": "CVE-2021-34321",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34321"
},
{
"name": "CVE-2021-20094",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20094"
},
{
"name": "CVE-2021-20093",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20093"
},
{
"name": "CVE-2021-34295",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34295"
},
{
"name": "CVE-2020-27827",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27827"
},
{
"name": "CVE-2021-34328",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34328"
},
{
"name": "CVE-2021-34326",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34326"
},
{
"name": "CVE-2021-34318",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34318"
},
{
"name": "CVE-2021-34315",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34315"
},
{
"name": "CVE-2021-34327",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34327"
},
{
"name": "CVE-2020-26147",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26147"
},
{
"name": "CVE-2021-34322",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34322"
},
{
"name": "CVE-2021-34304",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34304"
},
{
"name": "CVE-2021-34314",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34314"
},
{
"name": "CVE-2020-28400",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28400"
},
{
"name": "CVE-2021-34311",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34311"
},
{
"name": "CVE-2021-33714",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33714"
},
{
"name": "CVE-2021-34296",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34296"
},
{
"name": "CVE-2021-31894",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31894"
},
{
"name": "CVE-2021-33710",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33710"
},
{
"name": "CVE-2021-34312",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34312"
},
{
"name": "CVE-2021-34329",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34329"
},
{
"name": "CVE-2021-34303",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34303"
},
{
"name": "CVE-2021-34306",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34306"
},
{
"name": "CVE-2021-34298",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34298"
},
{
"name": "CVE-2021-34291",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34291"
},
{
"name": "CVE-2021-33709",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33709"
},
{
"name": "CVE-2021-34325",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34325"
},
{
"name": "CVE-2021-34332",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34332"
},
{
"name": "CVE-2021-34323",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34323"
},
{
"name": "CVE-2021-34294",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34294"
},
{
"name": "CVE-2021-33711",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33711"
}
],
"initial_release_date": "2021-07-13T00:00:00",
"last_revision_date": "2021-07-13T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-518",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-07-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-641963 du 13 juillet 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-641963.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-729965 du 13 juillet 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-729965.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-560465 du 13 juillet 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-560465.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-772220 du 13 juillet 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-434536 du 13 juillet 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-434536.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-209268 du 13 juillet 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-209268.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-173615 du 13 juillet 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-173615.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-675303 du 13 juillet 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-675303.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-434535 du 13 juillet 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-434535.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-599968 du 13 juillet 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-599968.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-622535 du 13 juillet 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622535.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-941426 du 13 juillet 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-661034 du 13 juillet 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661034.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-373591 du 13 juillet 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-373591.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-352521 du 13 juillet 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-352521.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-913875 du 13 juillet 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-483182 du 13 juillet 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
}
]
}
CERTFR-2021-AVI-416
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans les produits Siemens. Elle permet à un attaquant de provoquer une exécution de code arbitraire, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variantes) versions antérieures à 2.9.2 | ||
| Siemens | N/A | SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variantes) toutes versions | ||
| Siemens | N/A | SIMATIC S7-PLCSIM Advanced versions antérieures à 4.0 | ||
| Siemens | N/A | SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variantes) toutes versions | ||
| Siemens | N/A | SIMATIC Drive Controller family versions antérieures à 2.9.2 | ||
| Siemens | N/A | SIMATIC S7-1500 Software Controller toutes versions | ||
| Siemens | N/A | SIMATIC S7-1200 CPU family (incl. SIPLUS variantes) versions antérieures à 4.5.0 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variantes) versions ant\u00e9rieures \u00e0 2.9.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variantes) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-PLCSIM Advanced versions ant\u00e9rieures \u00e0 4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variantes) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Drive Controller family versions ant\u00e9rieures \u00e0 2.9.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 Software Controller toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1200 CPU family (incl. SIPLUS variantes) versions ant\u00e9rieures \u00e0 4.5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-15782",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15782"
}
],
"initial_release_date": "2021-05-31T00:00:00",
"last_revision_date": "2021-05-31T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-416",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-05-31T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits Siemens. Elle\npermet \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-434534 du 28 mai 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-434534.pdf"
}
]
}
tid-306
Vulnerability from emb3d
Type
Description
While restricting the execution of external programs within a sandboxed execution environment can mitigate the threat of programs having excessive privileges or memory access, vulnerabilities within that environment could be exploited to escape the sandbox. This would allow the threat actor to escalate their privileges to more broadly manipulate the device’s operation and evade detections.
CWE
- CWE-693: Protection Mechanism Failure
fkie_cve-2020-15782
Vulnerability from fkie_nvd
Published
2021-05-28 16:15
Modified
2024-11-21 05:06
Severity ?
Summary
A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions < V21.9), SIMATIC S7-PLCSIM Advanced (All versions < V4.0), SINAMICS PERFECT HARMONY GH180 Drives (Drives manufactured before 2021-08-13), SINUMERIK MC (All versions < V6.15), SINUMERIK ONE (All versions < V6.15). Affected devices are vulnerable to a memory protection bypass through a specific operation. A remote unauthenticated attacker with network access to port 102/tcp could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks.
References
| URL | Tags | ||
|---|---|---|---|
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-434534.pdf | Patch, Vendor Advisory | |
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-434535.pdf | ||
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-434536.pdf | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-434534.pdf | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-434535.pdf | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-434536.pdf |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | simatic_driver_controller_firmware | * | |
| siemens | cpu_1504d_tf | - | |
| siemens | cpu_1507d_tf | - | |
| siemens | s7-1200_cpu_firmware | * | |
| siemens | cpu_1211c | - | |
| siemens | cpu_1212c | - | |
| siemens | cpu_1212fc | - | |
| siemens | cpu_1214c | - | |
| siemens | cpu_1214fc | - | |
| siemens | cpu_1215c | - | |
| siemens | cpu_1215fc | - | |
| siemens | cpu_1217c | - | |
| siemens | s7-1500_cpu_firmware | * | |
| siemens | 6es7510-1dj01-0ab0 | - | |
| siemens | 6es7510-1sj01-0ab0 | - | |
| siemens | 6es7511-1ak01-0ab0 | - | |
| siemens | 6es7511-1ak02-0ab0 | - | |
| siemens | 6es7511-1ck00-0ab0 | - | |
| siemens | 6es7511-1ck01-0ab0 | - | |
| siemens | 6es7511-1fk01-0ab0 | - | |
| siemens | 6es7511-1fk02-0ab0 | - | |
| siemens | 6es7511-1tk01-0ab0 | - | |
| siemens | 6es7511-1uk01-0ab0 | - | |
| siemens | 6es7512-1ck00-0ab0 | - | |
| siemens | 6es7512-1ck01-0ab0 | - | |
| siemens | 6es7512-1dk01-0ab0 | - | |
| siemens | 6es7512-1sk01-0ab0 | - | |
| siemens | 6es7513-1al01-0ab0 | - | |
| siemens | 6es7513-1al02-0ab0 | - | |
| siemens | 6es7513-1fl01-0ab0 | - | |
| siemens | 6es7513-1fl02-0ab0 | - | |
| siemens | 6es7513-1rl00-0ab0 | - | |
| siemens | 6es7513-2gl00-0ab0 | - | |
| siemens | 6es7513-2pl00-0ab0 | - | |
| siemens | 6es7515-2am01-0ab0 | - | |
| siemens | 6es7515-2am02-0ab0 | - | |
| siemens | 6es7515-2fm01-0ab0 | - | |
| siemens | 6es7515-2fm02-0ab0 | - | |
| siemens | 6es7515-2rm00-0ab0 | - | |
| siemens | 6es7515-2tm01-0ab0 | - | |
| siemens | 6es7515-2um01-0ab0 | - | |
| siemens | 6es7516-2gn00-0ab0 | - | |
| siemens | 6es7516-2pn00-0ab0 | - | |
| siemens | 6es7516-3an01-0ab0 | - | |
| siemens | 6es7516-3an02-0ab0 | - | |
| siemens | 6es7516-3fn01-0ab0 | - | |
| siemens | 6es7516-3fn02-0ab0 | - | |
| siemens | 6es7516-3tn00-0ab0 | - | |
| siemens | 6es7516-3un00-0ab0 | - | |
| siemens | 6es7517-3ap00-0ab0 | - | |
| siemens | 6es7517-3fp00-0ab0 | - | |
| siemens | 6es7517-3hp00-0ab0 | - | |
| siemens | 6es7517-3tp00-0ab0 | - | |
| siemens | 6es7517-3up00-0ab0 | - | |
| siemens | 6es7518-4ap00-0ab0 | - | |
| siemens | 6es7518-4ap00-3ab0 | - | |
| siemens | 6es7518-4fp00-0ab0 | - | |
| siemens | 6es7518-4fp00-3ab0 | - | |
| siemens | simatic_s7-1500__software_controller | * | |
| siemens | simatic_s7-plcsim_advanced | * | |
| siemens | et_200sp_open_controller_firmware | * | |
| siemens | cpu_1515sp_pc | - | |
| siemens | cpu_1515sp_pc2 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_driver_controller_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A7B8C5FB-3BF8-4A74-AB58-474D754CFBBA",
"versionEndExcluding": "2.9.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:cpu_1504d_tf:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6150A06A-0EB8-46CC-A118-2E70BF183CFE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:siemens:cpu_1507d_tf:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F33CBC2-330D-4791-9BAB-ECEF3720BBC0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:s7-1200_cpu_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6852AC11-6388-4D26-923E-DB8933F05EDC",
"versionEndExcluding": "4.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:cpu_1211c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "172D341B-D863-4C24-9B6E-633EBE87C8C9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:siemens:cpu_1212c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B475E4F-EE4F-4435-9F0B-8E4FA35377BE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:siemens:cpu_1212fc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1402D624-5AF3-4E25-A2B0-9D9F214EE8FE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:siemens:cpu_1214c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F714315-8BEB-4BD3-BE59-C6649A0A105E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:siemens:cpu_1214fc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A988C9F-60DF-4BC5-A890-F03F445DD9BD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:siemens:cpu_1215c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C90820D3-3F3E-4DC4-9DCE-A498CC26268D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:siemens:cpu_1215fc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF22AB6-6DAA-4983-99DB-4F2A2E76856F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:siemens:cpu_1217c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C95F12D-563A-4915-9F26-A461EB4F8FA1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:s7-1500_cpu_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D8BEAD8-461A-4832-8BF7-9F2CE8ADB6BC",
"versionEndExcluding": "2.9.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:6es7510-1dj01-0ab0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0645616B-B515-49BE-9C9A-33A0E9E7C108",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:siemens:6es7510-1sj01-0ab0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8D11FF81-01F3-4B07-B57C-8B43DAD3640A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:siemens:6es7511-1ak01-0ab0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B9FFB12A-E3B7-4273-AAAF-0AECB9BB69C0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:siemens:6es7511-1ak02-0ab0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25A19AB0-CCC8-4513-8182-68CE66F136F1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:siemens:6es7511-1ck00-0ab0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DED5460A-76CF-4830-AAFB-A10CE7EFD129",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:siemens:6es7511-1ck01-0ab0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "207FD076-F2B7-4DE5-8390-E135A09DBD26",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:siemens:6es7511-1fk01-0ab0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DF0FB5A5-A930-4635-B483-991611967E1E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:siemens:6es7511-1fk02-0ab0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F039613-55B4-45E9-9E12-9603DF424A6A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:siemens:6es7511-1tk01-0ab0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA18592B-0624-4C06-AC5E-1336E9E02C11",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:siemens:6es7511-1uk01-0ab0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3C00821-4873-4B80-ADC5-FED9FFD810DC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:siemens:6es7512-1ck00-0ab0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E4D7484-F6E9-4A5C-9695-691FC48D602C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:siemens:6es7512-1ck01-0ab0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE762064-FE24-4A1D-94DA-7411CC701B8A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:siemens:6es7512-1dk01-0ab0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A1B45F7-14BA-45B5-AE0F-25F4E77CB40E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:siemens:6es7512-1sk01-0ab0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC5C0BB0-A443-4764-9A9F-828882556665",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:siemens:6es7513-1al01-0ab0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CC9DB1B-DDAC-4FD2-BB9E-F64941C14E58",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:siemens:6es7513-1al02-0ab0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C01A87E-E18E-4E83-BCC5-AAE48E177B96",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:siemens:6es7513-1fl01-0ab0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5426F764-765B-4E80-86D5-A86EF95A53F6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:siemens:6es7513-1fl02-0ab0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F16BF979-9B89-42C9-8B5D-2A9F5E76F10E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:siemens:6es7513-1rl00-0ab0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7FC9267-B12D-4E13-BEB5-7D61989C1047",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:siemens:6es7513-2gl00-0ab0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91E3A8F5-7BC8-43C5-84D9-00DCEB4D4E05",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:siemens:6es7513-2pl00-0ab0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CAA520E3-A01E-441C-95B3-B3481C4405C4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:siemens:6es7515-2am01-0ab0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DBFB9E73-59C8-4E05-ABDD-335315EE37CD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:siemens:6es7515-2am02-0ab0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "225036D8-E501-4069-9D30-C243AE79CA2B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:siemens:6es7515-2fm01-0ab0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69F4097E-27F4-43EB-81E7-BD497477396F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:siemens:6es7515-2fm02-0ab0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF247FF5-E912-44E1-8D0A-781912797783",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:siemens:6es7515-2rm00-0ab0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B707B729-AEF1-446D-9E85-5504BF098635",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:siemens:6es7515-2tm01-0ab0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DD88AAE-1926-47AA-9071-E657053D9A91",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:siemens:6es7515-2um01-0ab0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C71F8606-63FC-4BC6-830C-1FF19B30110A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:siemens:6es7516-2gn00-0ab0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DEA0DD75-F6B4-41A7-A9AA-03FAFAA38B16",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:siemens:6es7516-2pn00-0ab0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CBB9517-4F18-4CB9-B7F3-4D30D6E9DCE2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:siemens:6es7516-3an01-0ab0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56C07F7B-5042-44BA-B5F3-438A60A776D7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:siemens:6es7516-3an02-0ab0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D2412B1-8ADC-48AC-85CF-BAE6E3674B29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:siemens:6es7516-3fn01-0ab0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B6F8F1FC-3F9A-48B0-A6EE-9AB66AB4A1E5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:siemens:6es7516-3fn02-0ab0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC0DCCCE-1348-48FC-BD48-0D23F4A8A69D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:siemens:6es7516-3tn00-0ab0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E728548F-2F18-4BF4-8A32-83CBAE2D5A12",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:siemens:6es7516-3un00-0ab0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE4AEE6E-03BA-4302-9D77-FC3102A216E9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:siemens:6es7517-3ap00-0ab0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C49DB60C-69FB-4251-9185-02CABCB66E86",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:siemens:6es7517-3fp00-0ab0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5628EB18-2D21-40F2-ACCC-65EF5D9A5BB3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:siemens:6es7517-3hp00-0ab0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E341A3B-D0F6-49EC-AE13-CC2D0DA6AF15",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:siemens:6es7517-3tp00-0ab0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD084757-FD90-45BA-96D2-F885741EE205",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:siemens:6es7517-3up00-0ab0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A49F3BE-3391-423F-9EBC-5DAEB1A33C06",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:siemens:6es7518-4ap00-0ab0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A40D89C7-A781-407A-B675-507E3211EB38",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:siemens:6es7518-4ap00-3ab0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91BAF17B-E442-48E2-8484-547CB4375213",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:siemens:6es7518-4fp00-0ab0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F17DE4F0-A475-4F08-99A5-36744978FEB2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:siemens:6es7518-4fp00-3ab0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC059287-41DD-4926-A17A-ED256541AD28",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:simatic_s7-1500__software_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6745F8B-D98C-4410-AB01-CE6EE3DDCB4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_s7-plcsim_advanced:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E58BF80D-955E-44DE-B376-FC632C197390",
"versionEndExcluding": "4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:et_200sp_open_controller_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1EA915A3-BC37-4907-8207-AD3B2E4C488F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:cpu_1515sp_pc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F01ED37-3930-48BD-B911-388775A1715A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:siemens:cpu_1515sp_pc2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02DE6F0F-C1FD-4007-AFA4-12F79C8DF1EC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC Drive Controller family (All versions \u003c V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions \u003c V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions \u003c V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions \u003c V2.9.2), SIMATIC S7-1500 Software Controller (All versions \u003c V21.9), SIMATIC S7-PLCSIM Advanced (All versions \u003c V4.0), SINAMICS PERFECT HARMONY GH180 Drives (Drives manufactured before 2021-08-13), SINUMERIK MC (All versions \u003c V6.15), SINUMERIK ONE (All versions \u003c V6.15). Affected devices are vulnerable to a memory protection bypass through a specific operation. A remote unauthenticated attacker with network access to port 102/tcp could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en la familia SIMATIC Drive Controller (Todas las versiones anteriores a la versi\u00f3n V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incluyendo las variantes SIPLUS) (Todas las versiones), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incluyendo las variantes SIPLUS) (Todas las versiones anteriores a la versi\u00f3n V21.9), familia SIMATIC S7-1200 CPU (incluyendo las variantes SIPLUS) (Todas las versiones anteriores a la versi\u00f3n V4.5.0), familia SIMATIC S7-1500 CPU (incluyendo CPU ET200 relacionadas y variantes SIPLUS) (Todas las versiones anteriores a la versi\u00f3n V2.9.2), SIMATIC S7-1500 Software Controller (Todas las versiones anteriores a la versi\u00f3n V21.9), SIMATIC S7-PLCSIM Advanced (Todas las versiones anteriores a la versi\u00f3n V4.0), SINAMICS PERFECT HARMONY GH180 Drives (Unidades fabricadas antes de 2021-08-13), SINUMERIK MC (Todas las versiones anteriores a la versi\u00f3n V6.15), SINUMERIK ONE (Todas las versiones anteriores a la versi\u00f3n V6.15). Los dispositivos afectados son vulnerables a una omisi\u00f3n de protecci\u00f3n de la memoria mediante una operaci\u00f3n espec\u00edfica. Un atacante remoto no autenticado con acceso de red al puerto 102/tcp podr\u00eda potencialmente escribir datos y c\u00f3digo arbitrario en \u00e1reas de memoria protegidas o leer datos confidenciales para iniciar m\u00e1s ataques"
}
],
"id": "CVE-2020-15782",
"lastModified": "2024-11-21T05:06:10.140",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-28T16:15:07.790",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-434534.pdf"
},
{
"source": "productcert@siemens.com",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-434535.pdf"
},
{
"source": "productcert@siemens.com",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-434536.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-434534.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-434535.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-434536.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "productcert@siemens.com",
"type": "Primary"
}
]
}
cnvd-2021-37944
Vulnerability from cnvd
Title
Siemens SIMATIC S7-1200和S7-1500 CPU系列内存保护绕过漏洞
Description
Siemens SIMATIC S7-1200和S7-1500 CPU系列产品设计用于工业环境中的离散和连续控制,如全球制造业、食品和饮料以及化学工业。
Siemens SIMATIC S7-1200和S7-1500 CPU系列存在安全漏洞。未经验证的远程攻击者可利用漏洞将任意数据和代码写入受保护的内存区域,或读取敏感数据以发起进一步的攻击。
Severity
高
VLAI Severity ?
Patch Name
Siemens SIMATIC S7-1200和S7-1500 CPU系列内存保护绕过漏洞的补丁
Patch Description
Siemens SIMATIC S7-1200和S7-1500 CPU系列产品设计用于工业环境中的离散和连续控制,如全球制造业、食品和饮料以及化学工业。
Siemens SIMATIC S7-1200和S7-1500 CPU系列存在安全漏洞。未经验证的远程攻击者可利用漏洞将任意数据和代码写入受保护的内存区域,或读取敏感数据以发起进一步的攻击。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
用户可参考如下供应商提供的安全公告获得补丁信息: https://cert-portal.siemens.com/productcert/pdf/ssa-434534.pdf
Reference
https://cert-portal.siemens.com/productcert/pdf/ssa-434534.pdf
Impacted products
| Name | ['Siemens SIMATIC Drive Controller family < V2.9.2', 'Siemens SIMATIC S7-1500 Software Controller', 'Siemens SIMATIC S7-PLCSIM Advanced', 'Siemens SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) < V2.9.2', 'Siemens SIMATIC S7-1200 CPU family (incl. SIPLUS variants) < V4.5.0', 'Siemens SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)', 'Siemens SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2020-15782"
}
},
"description": "Siemens SIMATIC S7-1200\u548cS7-1500 CPU\u7cfb\u5217\u4ea7\u54c1\u8bbe\u8ba1\u7528\u4e8e\u5de5\u4e1a\u73af\u5883\u4e2d\u7684\u79bb\u6563\u548c\u8fde\u7eed\u63a7\u5236\uff0c\u5982\u5168\u7403\u5236\u9020\u4e1a\u3001\u98df\u54c1\u548c\u996e\u6599\u4ee5\u53ca\u5316\u5b66\u5de5\u4e1a\u3002\n\nSiemens SIMATIC S7-1200\u548cS7-1500 CPU\u7cfb\u5217\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u672a\u7ecf\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u5c06\u4efb\u610f\u6570\u636e\u548c\u4ee3\u7801\u5199\u5165\u53d7\u4fdd\u62a4\u7684\u5185\u5b58\u533a\u57df\uff0c\u6216\u8bfb\u53d6\u654f\u611f\u6570\u636e\u4ee5\u53d1\u8d77\u8fdb\u4e00\u6b65\u7684\u653b\u51fb\u3002",
"formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-434534.pdf",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2021-37944",
"openTime": "2021-05-31",
"patchDescription": "Siemens SIMATIC S7-1200\u548cS7-1500 CPU\u7cfb\u5217\u4ea7\u54c1\u8bbe\u8ba1\u7528\u4e8e\u5de5\u4e1a\u73af\u5883\u4e2d\u7684\u79bb\u6563\u548c\u8fde\u7eed\u63a7\u5236\uff0c\u5982\u5168\u7403\u5236\u9020\u4e1a\u3001\u98df\u54c1\u548c\u996e\u6599\u4ee5\u53ca\u5316\u5b66\u5de5\u4e1a\u3002\r\n\r\nSiemens SIMATIC S7-1200\u548cS7-1500 CPU\u7cfb\u5217\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u672a\u7ecf\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u5c06\u4efb\u610f\u6570\u636e\u548c\u4ee3\u7801\u5199\u5165\u53d7\u4fdd\u62a4\u7684\u5185\u5b58\u533a\u57df\uff0c\u6216\u8bfb\u53d6\u654f\u611f\u6570\u636e\u4ee5\u53d1\u8d77\u8fdb\u4e00\u6b65\u7684\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Siemens SIMATIC S7-1200\u548cS7-1500 CPU\u7cfb\u5217\u5185\u5b58\u4fdd\u62a4\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Siemens SIMATIC Drive Controller family \u003c V2.9.2",
"Siemens SIMATIC S7-1500 Software Controller",
"Siemens SIMATIC S7-PLCSIM Advanced",
"Siemens SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) \u003c V2.9.2",
"Siemens SIMATIC S7-1200 CPU family (incl. SIPLUS variants) \u003c V4.5.0",
"Siemens SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)",
"Siemens SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)"
]
},
"referenceLink": "https://cert-portal.siemens.com/productcert/pdf/ssa-434534.pdf",
"serverity": "\u9ad8",
"submitTime": "2021-05-31",
"title": "Siemens SIMATIC S7-1200\u548cS7-1500 CPU\u7cfb\u5217\u5185\u5b58\u4fdd\u62a4\u7ed5\u8fc7\u6f0f\u6d1e"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…