ID

VAR-202007-1238


CVE

CVE-2020-7592


TITLE

Vulnerability in plaintext transmission of critical information in multiple Siemens products

Trust: 0.8

sources: JVNDB: JVNDB-2020-008612

DESCRIPTION

A vulnerability has been identified in SIMATIC HMI Basic Panels 1st Generation (incl. SIPLUS variants) (All versions), SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC HMI KTP700F Mobile Arctic (All versions), SIMATIC HMI Mobile Panels 2nd Generation (All versions), SIMATIC WinCC Runtime Advanced (All versions). Unencrypted communication between the configuration software and the respective device could allow an attacker to capture potential plain text communication and have access to sensitive information. Several Siemens products contain vulnerabilities in the transmission of important information in clear text. Information may be obtained. SIMATIC HMI Panels are used for operator control and monitoring of machines and equipment. SIMATIC WinCC Runtime Advanced is a visual runtime platform for monitoring of machines and equipment. SIPLUS extreme products are designed to operate under extreme conditions. They are based on SIMATIC, LOGO!, SITOP, SINAMICS, SIMOTION, SCALANCE or other equipment.

Trust: 2.16

sources: NVD: CVE-2020-7592 // JVNDB: JVNDB-2020-008612 // CNVD: CNVD-2020-40613

IOT TAXONOMY

category: ['ICS', 'Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-40613

AFFECTED PRODUCTS

vendor: siemens, model: simatic wincc runtime advanced, scope: -, version: -

Trust: 1.4

vendor: siemens, model: simatic hmi comfort panels, scope: -, version: -

Trust: 1.4

vendor: siemens, model: simatic hmi basic panels 2nd generation, scope: -, version: -

Trust: 1.4

vendor: siemens, model: simatic hmi basic panels 1st generation, scope: -, version: -

Trust: 1.4

vendor: siemens, model: simatic hmi mobile panels 2nd generation, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: simatic wincc runtime advanced, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: simatic hmi basic panels 2nd generation, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: simatic hmi ktp700f mobile arctic, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: simatic hmi comfort panels, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: simatic hmi basic panels 1st generation, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: simatic hmi ktp mobile panels ktp700f, scope: -, version: -

Trust: 0.8

vendor: siemens, model: simatic hmi mobile panels 2nd generation, scope: -, version: -

Trust: 0.6

vendor: siemens, model: simatic hmi ktp700f mobile arctic, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2020-40613 // JVNDB: JVNDB-2020-008612 // NVD: CVE-2020-7592

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-7592
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-008612
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-40613
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202007-578
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2020-7592
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-008612
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-40613
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:C/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-7592
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-008612
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-40613 // JVNDB: JVNDB-2020-008612 // CNNVD: CNNVD-202007-578 // NVD: CVE-2020-7592

PROBLEMTYPE DATA

problemtype: CWE-319

Trust: 1.8

sources: JVNDB: JVNDB-2020-008612 // NVD: CVE-2020-7592

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202007-578

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202007-578

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-008612

PATCH

title: SSA-364335, url: https://cert-portal.siemens.com/productcert/pdf/ssa-364335.pdf

Trust: 0.8

title: Patch for Information Disclosure Vulnerabilities in Multiple Siemens Products, url: https://www.cnvd.org.cn/patchInfo/show/225825

Trust: 0.6

sources: CNVD: CNVD-2020-40613 // JVNDB: JVNDB-2020-008612

EXTERNAL IDS

db: NVD, id: CVE-2020-7592

Trust: 3.0

db: ICS CERT, id: ICSA-20-196-04

Trust: 2.4

db: SIEMENS, id: SSA-364335

Trust: 2.2

db: JVN, id: JVNVU97872642

Trust: 0.8

db: JVNDB, id: JVNDB-2020-008612

Trust: 0.8

db: CNVD, id: CNVD-2020-40613

Trust: 0.6

db: AUSCERT, id: ESB-2020.2387

Trust: 0.6

db: CNNVD, id: CNNVD-202007-578

Trust: 0.6

sources: CNVD: CNVD-2020-40613 // JVNDB: JVNDB-2020-008612 // CNNVD: CNNVD-202007-578 // NVD: CVE-2020-7592

REFERENCES

url:https://us-cert.cisa.gov/ics/advisories/icsa-20-196-04

Trust: 2.4

url:https://cert-portal.siemens.com/productcert/pdf/ssa-364335.pdf

Trust: 2.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-7592

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7592

Trust: 0.8

url:https://jvn.jp/vu/jvnvu97872642/

Trust: 0.8

url:https://vigilance.fr/vulnerability/simatic-information-disclosure-via-clear-text-transmission-32815

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2387/

Trust: 0.6

sources: CNVD: CNVD-2020-40613 // JVNDB: JVNDB-2020-008612 // CNNVD: CNNVD-202007-578 // NVD: CVE-2020-7592

SOURCES

db: CNVD, id: CNVD-2020-40613
db: JVNDB, id: JVNDB-2020-008612
db: CNNVD, id: CNNVD-202007-578
db: NVD, id: CVE-2020-7592

LAST UPDATE DATE

2024-11-23T21:35:29.460000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-40613, date: 2020-07-17T00:00:00
db: JVNDB, id: JVNDB-2020-008612, date: 2020-09-17T00:00:00
db: CNNVD, id: CNNVD-202007-578, date: 2022-03-11T00:00:00
db: NVD, id: CVE-2020-7592, date: 2024-11-21T05:37:26.090

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-40613, date: 2020-07-17T00:00:00
db: JVNDB, id: JVNDB-2020-008612, date: 2020-09-17T00:00:00
db: CNNVD, id: CNNVD-202007-578, date: 2020-07-14T00:00:00
db: NVD, id: CVE-2020-7592, date: 2020-07-14T14:15:19.073