var-202007-1238
Vulnerability from variot
A vulnerability has been identified in SIMATIC HMI Basic Panels 1st Generation (incl. SIPLUS variants) (All versions), SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC HMI KTP700F Mobile Arctic (All versions), SIMATIC HMI Mobile Panels 2nd Generation (All versions), SIMATIC WinCC Runtime Advanced (All versions). Unencrypted communication between the configuration software and the respective device could allow an attacker to capture potential plain text communication and have access to sensitive information. Several Siemens products contain vulnerabilities in the transmission of important information in clear text.Information may be obtained. SIMATIC HMI Panels are used for operator control, monitoring of machines and equipment. SIMATIC WinCC Runtime Advanced is a visual runtime platform, monitoring of machines and equipment. SIPLUS extreme products are designed to operate under extreme conditions. It is based on Imatic, LOGO! SITOP, SINAMICS, SIMOTION, SCALANCE or other equipment
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202007-1238", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "simatic wincc runtime advanced", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "simatic hmi comfort panels", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "simatic hmi basic panels 2nd generation", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "simatic hmi basic panels 1st generation", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "simatic hmi mobile panels 2nd generation", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic wincc runtime advanced", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic hmi basic panels 2nd generation", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic hmi ktp700f mobile arctic", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic hmi comfort panels", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic hmi basic panels 1st generation", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic hmi ktp mobile panels ktp700f", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic hmi mobile panels 2nd generation", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic hmi ktp700f mobile arctic", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-40613" }, { "db": "JVNDB", "id": "JVNDB-2020-008612" }, { "db": "NVD", "id": "CVE-2020-7592" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/h:siemens:simatic_hmi_basic_panels_generation_1", "vulnerable": true }, { "cpe22Uri": "cpe:/h:siemens:simatic_hmi_basic_panels_generation_2", "vulnerable": true }, { "cpe22Uri": "cpe:/o:siemens:simatic_hmi_comfort_panels", "vulnerable": true }, { "cpe22Uri": "cpe:/o:siemens:simatic_hmi_ktp_mobile_panels_ktp700f_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/a:siemens:wincc_runtime_advanced", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008612" } ] }, "cve": "CVE-2020-7592", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 6.5, "id": "CVE-2020-7592", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "LOW", "trust": 1.0, "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Adjacent Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 3.3, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2020-008612", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Low", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 6.1, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 6.5, "id": "CNVD-2020-40613", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:A/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "ADJACENT", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2020-7592", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Adjacent Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-008612", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2020-7592", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "JVNDB-2020-008612", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2020-40613", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202007-578", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-40613" }, { "db": "JVNDB", "id": "JVNDB-2020-008612" }, { "db": "CNNVD", "id": "CNNVD-202007-578" }, { "db": "NVD", "id": "CVE-2020-7592" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in SIMATIC HMI Basic Panels 1st Generation (incl. SIPLUS variants) (All versions), SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC HMI KTP700F Mobile Arctic (All versions), SIMATIC HMI Mobile Panels 2nd Generation (All versions), SIMATIC WinCC Runtime Advanced (All versions). Unencrypted communication between the configuration software and the respective device could allow an attacker to capture potential plain text communication and have access to sensitive information. Several Siemens products contain vulnerabilities in the transmission of important information in clear text.Information may be obtained. SIMATIC HMI Panels are used for operator control, monitoring of machines and equipment. SIMATIC WinCC Runtime Advanced is a visual runtime platform, monitoring of machines and equipment. SIPLUS extreme products are designed to operate under extreme conditions. It is based on Imatic, LOGO! SITOP, SINAMICS, SIMOTION, SCALANCE or other equipment", "sources": [ { "db": "NVD", "id": "CVE-2020-7592" }, { "db": "JVNDB", "id": "JVNDB-2020-008612" }, { "db": "CNVD", "id": "CNVD-2020-40613" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-7592", "trust": 3.0 }, { "db": "ICS CERT", "id": "ICSA-20-196-04", "trust": 2.4 }, { "db": "SIEMENS", "id": "SSA-364335", "trust": 2.2 }, { "db": "JVN", "id": "JVNVU97872642", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-008612", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2020-40613", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2387", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202007-578", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-40613" }, { "db": "JVNDB", "id": "JVNDB-2020-008612" }, { "db": "CNNVD", "id": "CNNVD-202007-578" }, { "db": "NVD", "id": "CVE-2020-7592" } ] }, "id": "VAR-202007-1238", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2020-40613" } ], "trust": 1.2365613500000001 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS", "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-40613" } ] }, "last_update_date": "2024-11-23T21:35:29.460000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-364335", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-364335.pdf" }, { "title": "Patch for Information Disclosure Vulnerabilities in Multiple Siemens Products", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/225825" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-40613" }, { "db": "JVNDB", "id": "JVNDB-2020-008612" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-319", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008612" }, { "db": "NVD", "id": "CVE-2020-7592" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-04" }, { "trust": 2.2, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-364335.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7592" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7592" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu97872642/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/simatic-information-disclosure-via-clear-text-transmission-32815" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2387/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-40613" }, { "db": "JVNDB", "id": "JVNDB-2020-008612" }, { "db": "CNNVD", "id": "CNNVD-202007-578" }, { "db": "NVD", "id": "CVE-2020-7592" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2020-40613" }, { "db": "JVNDB", "id": "JVNDB-2020-008612" }, { "db": "CNNVD", "id": "CNNVD-202007-578" }, { "db": "NVD", "id": "CVE-2020-7592" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-07-17T00:00:00", "db": "CNVD", "id": "CNVD-2020-40613" }, { "date": "2020-09-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-008612" }, { "date": "2020-07-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-578" }, { "date": "2020-07-14T14:15:19.073000", "db": "NVD", "id": "CVE-2020-7592" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-07-17T00:00:00", "db": "CNVD", "id": "CNVD-2020-40613" }, { "date": "2020-09-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-008612" }, { "date": "2022-03-11T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-578" }, { "date": "2024-11-21T05:37:26.090000", "db": "NVD", "id": "CVE-2020-7592" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote or local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-578" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Vulnerability in plaintext transmission of critical information in multiple Siemens products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008612" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-578" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.