FSA-202405

Vulnerability from csaf_festosecokg - Published: 2024-09-09 07:00 - Updated: 2025-11-05 08:00
Summary
Festo: Siemens S7-1500/ET200SP CPU used in Festo Didactic products contains a memory protection bypass vulnerability
Notes
Summary: Siemens SIMATIC S7-1200 and S7-1500 CPUs contained in various Festo Didactic products contain a memory protection bypass vulnerability that could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks
Impact: Siemens SIMATIC S7-1200 and S7-1500 CPUs have a memory protection bypass vulnerability allowing attackers to write or read data in protected memory, potentially enabling further attacks.
Remediation: Update Siemens Simatic S7-1500 / ET200SP Firmware to V2.9.2 or higher
General recommendations: As part of a security strategy, Festo recommends the following general defense measures to reduce the risk of exploits: - Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside. - Use firewalls to protect and separate the control system network from other networks. - Use VPN (Virtual Private Networks) tunnels if remote access is required. - Activate and apply user management and password features. - Use encrypted communication links. - Limit the access to both development and control system by physical means, operating system features, etc. - Protect both development and control systems by using up-to-date virus detection solutions. Festo strongly recommends minimizing and protecting network access to connected devices with state-of-the-art techniques and processes. To ensure secure operation follow the recommendations in the product manuals.
Disclaimer: Festo assumes no liability whatsoever for indirect, collateral, accidental or consequential losses that occur by the distribution and/or use of this document or any losses in connection with the distribution and/or use of this document. All information published in this document is provided free of charge and on good faith by Festo. Insofar as permissible by law, however, none of this information shall establish any warranty, guarantee, commitment or liability on the part of Festo. Note: In no case does these information release the operator or responsible person from the obligation to check the effect on his system or installation before using the information and, in the event of negative consequences, not to use the information. In addition, the actual general terms and conditions of Festo for delivery, payment and software use shall apply, available under https://www.festo.com.
CVE-2020-15782

SIMATIC S7-1200 and S7-1500 CPU products contain a memory protection bypass vulnerability that could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks. Siemens has released updates for several affected products and strongly recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.

9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Vendor Fix Update Siemens Simatic S7-1500 / ET200SP Firmware to V2.9.2 or higher https://support.industry.siemens.com/cs/de/en/vie…
References
Acknowledgments
CERT@VDE certvde.com/
To clipboard 

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination",
        "urls": [
          "https://certvde.com/"
        ]
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "Siemens SIMATIC S7-1200 and S7-1500 CPUs contained in various Festo Didactic products contain a memory protection bypass vulnerability that could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "Siemens SIMATIC S7-1200 and S7-1500 CPUs have a memory protection bypass vulnerability allowing attackers to write or read data in protected memory, potentially enabling further attacks.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "Update Siemens Simatic S7-1500 / ET200SP Firmware to V2.9.2 or higher ",
        "title": "Remediation"
      },
      {
        "category": "general",
        "text": "As part of a security strategy, Festo recommends the following general defense measures to reduce the risk of exploits: \n- Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.\n- Use firewalls to protect and separate the control system network from other networks.\n- Use VPN (Virtual Private Networks) tunnels if remote access is required.\n- Activate and apply user management and password features.\n- Use encrypted communication links.\n- Limit the access to both development and control system by physical means, operating system features, etc. \n- Protect both development and control systems by using up-to-date virus detection solutions.\n\nFesto strongly recommends minimizing and protecting network access to connected devices with state-of-the-art techniques and processes. \nTo ensure secure operation follow the recommendations in the product manuals.",
        "title": "General recommendations"
      },
      {
        "category": "legal_disclaimer",
        "text": "Festo assumes no liability whatsoever for indirect, collateral, accidental or consequential losses that occur by the distribution and/or use of this document or any losses in connection with the distribution and/or use of this document. All information published in this document is provided free of charge and on good faith by Festo. Insofar as permissible by law, however, none of this information shall establish any warranty, guarantee, commitment or liability on the part of Festo. Note: In no case does these information release the operator or responsible person from the obligation to check the effect on his system or installation before using the information and, in the event of negative consequences, not to use the information.\n\n\nIn addition, the actual general terms and conditions of Festo for delivery, payment and software use shall apply, available under https://www.festo.com.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@festo.com",
      "name": "Festo SE \u0026 Co. KG",
      "namespace": "https://festo.com"
    },
    "references": [
      {
        "category": "external",
        "summary": "For further security-related issues in Festo products please contact the Festo Product Security Incident Response Team (PSIRT)",
        "url": "https://festo.com/psirt"
      },
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for Festo",
        "url": "https://certvde.com/en/advisories/vendor/festo"
      },
      {
        "category": "self",
        "summary": "FSA-202405: Festo: Siemens S7-1500/ET200SP CPU used in Festo Didactic products contains a memory protection bypass vulnerability - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2024-055"
      },
      {
        "category": "external",
        "summary": "Link to CVE",
        "url": "https://www.cve.org/CVERecord?id=CVE-2020-15782"
      },
      {
        "category": "self",
        "summary": "FSA-202405: Festo: Siemens S7-1500/ET200SP CPU used in Festo Didactic products contains a memory protection bypass vulnerability - CSAF",
        "url": "https://festo.csaf-tp.certvde.com/.well-known/csaf/white/2024/fsa-202405.json"
      }
    ],
    "title": "Festo: Siemens S7-1500/ET200SP CPU used in Festo Didactic products contains a memory protection bypass vulnerability",
    "tracking": {
      "aliases": [
        "VDE-2024-055"
      ],
      "current_release_date": "2025-11-05T08:00:00.000Z",
      "generator": {
        "date": "2025-11-05T08:16:50.154Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.35"
        }
      },
      "id": "FSA-202405",
      "initial_release_date": "2024-09-09T07:00:00.000Z",
      "revision_history": [
        {
          "date": "2024-09-09T07:00:00.000Z",
          "number": "1.0.0",
          "summary": "Initial version"
        },
        {
          "date": "2024-11-06T11:27:01.000Z",
          "number": "2.0.0",
          "summary": "Fix: correct certvde domain, fixed language setting, added self-reference"
        },
        {
          "date": "2025-02-27T09:00:00.000Z",
          "number": "3.0.0",
          "summary": "Update: new Dokument ID"
        },
        {
          "date": "2025-11-05T08:00:00.000Z",
          "number": "3.0.1",
          "summary": "Removed environmental score from CVSS rating."
        }
      ],
      "status": "final",
      "version": "3.0.1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "CP including S7 PLC",
                "product": {
                  "name": "FESTO Didactic CP including S7 PLC",
                  "product_id": "CSAFPID-11001"
                }
              },
              {
                "category": "product_name",
                "name": "MPS 200 Systems",
                "product": {
                  "name": "FESTO Didactic MPS 200 Systems",
                  "product_id": "CSAFPID-11002"
                }
              },
              {
                "category": "product_name",
                "name": "MPS 400 Systems",
                "product": {
                  "name": "FESTO Didactic MPS 400 Systems",
                  "product_id": "CSAFPID-11003"
                }
              }
            ],
            "category": "product_family",
            "name": "Hardware"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003cV2.9.2",
                    "product": {
                      "name": "Siemens Simatic S7-1500 / ET200SP \u003cV2.9.2",
                      "product_id": "CSAFPID-21001"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "V2.9.2",
                    "product": {
                      "name": "Siemens Simatic S7-1500 / ET200SP V2.9.2",
                      "product_id": "CSAFPID-22001"
                    }
                  }
                ],
                "category": "product_family",
                "name": "Siemens Simatic S7-1500 / ET200SP"
              }
            ],
            "category": "product_family",
            "name": "Firmware"
          }
        ],
        "category": "vendor",
        "name": "FESTO Didactic"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003"
        ],
        "summary": "Affected products."
      },
      {
        "group_id": "CSAFGID-0002",
        "product_ids": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003"
        ],
        "summary": "Fixed products."
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Siemens Simatic S7-1500 / ET200SP \u003cV2.9.2 installed on FESTO Didactic CP including S7 PLC",
          "product_id": "CSAFPID-31001"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Siemens Simatic S7-1500 / ET200SP \u003cV2.9.2 installed on FESTO Didactic MPS 200 Systems",
          "product_id": "CSAFPID-31002"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Siemens Simatic S7-1500 / ET200SP \u003cV2.9.2 installed on FESTO Didactic MPS 400 Systems",
          "product_id": "CSAFPID-31003"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Siemens Simatic S7-1500 / ET200SP V2.9.2 installed on FESTO Didactic CP including S7 PLC",
          "product_id": "CSAFPID-32001"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Siemens Simatic S7-1500 / ET200SP V2.9.2 installed on FESTO Didactic MPS 200 Systems",
          "product_id": "CSAFPID-32002"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Siemens Simatic S7-1500 / ET200SP V2.9.2 installed on FESTO Didactic MPS 400 Systems",
          "product_id": "CSAFPID-32003"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11003"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-15782",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "audience": "all",
          "category": "description",
          "text": "SIMATIC S7-1200 and S7-1500 CPU products contain a memory protection bypass vulnerability that could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks. \nSiemens has released updates for several affected products and strongly recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "Vendor advisory (SSA-434534)",
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-434534.pdf"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-05-07T10:00:00.000Z",
          "details": "Update Siemens Simatic S7-1500 / ET200SP Firmware to V2.9.2 or higher ",
          "group_ids": [
            "CSAFGID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/de/en/view/109478459"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "availabilityRequirement": "LOW",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "LOW",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003"
          ]
        }
      ],
      "title": "CVE-2020-15782"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.