Details of VAR-202002-1693

ID

VAR-202002-1693

TITLE

SIEMENS SIMATIC S7-200 Smart has weak password vulnerability

Trust: 0.6

sources: CNVD: CNVD-2020-13866

DESCRIPTION

Siemens is the world's leading technology company. With innovations in the fields of electrification, automation and digitalization, Siemens provides customers with solutions in the fields of power generation and transmission and distribution, infrastructure, industrial automation, drives and software. SIEMENS SIMATIC S7-200 Smart has a weak password vulnerability. Attackers can use this vulnerability to obtain sensitive information.

Trust: 0.6

sources: CNVD: CNVD-2020-13866

IOT TAXONOMY

category:

['ICS', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-13866

AFFECTED PRODUCTS

vendor:

siemens

model:

simatic s7-200 smart

scope:

version:

2.x.x

Trust: 0.6

sources: CNVD: CNVD-2020-13866

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2020-13866
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2020-13866
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2020-13866

PATCH

title:

SIEMENS SIMATIC S7-200 Smart PLC has weak password vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/196167

Trust: 0.6

sources: CNVD: CNVD-2020-13866

EXTERNAL IDS

db:

CNVD

id:

CNVD-2020-13866

Trust: 0.6

sources: CNVD: CNVD-2020-13866

SOURCES

db:

CNVD

id:

CNVD-2020-13866

LAST UPDATE DATE

2022-05-04T09:42:35.275000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2020-13866

date:

2020-03-13T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2020-13866

date:

2020-02-17T00:00:00