Details of VAR-202009-0573

ID

VAR-202009-0573

CVE

CVE-2020-15791

TITLE

Inadequate protection of credentials in multiple Siemens products

Trust: 0.8

sources: JVNDB: JVNDB-2020-010875

DESCRIPTION

A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions), SINUMERIK 840D sl (All versions). The authentication protocol between a client and a PLC via port 102/tcp (ISO-TSAP) insufficiently protects the transmitted password. This could allow an attacker that is able to intercept the network traffic to obtain valid PLC credentials. Several Siemens products contain vulnerabilities to inadequate protection of credentials.Information may be obtained. Siemens SIMATIC S7-300 CPU is a modular universal controller of Siemens (Siemens) for the manufacturing industry. Products in the Siemens SIMATIC S7-400 CPU series have been designed for process control in an industrial environment

Trust: 2.25

sources: NVD: CVE-2020-15791 // JVNDB: JVNDB-2020-010875 // CNVD: CNVD-2020-51248 // VULMON: CVE-2020-15791

IOT TAXONOMY

category:

['ICS', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-51248

AFFECTED PRODUCTS

vendor:	siemens	model:	simatic s7-400 cpu 416	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic s7-300 cpu 314	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic s7-300 cpu 317-2 pn	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic s7-300 cpu 315f-2 pn	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic s7-300 cpu 317-2 dp	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic s7-300 cpu 315-2 dp	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic s7-400 cpu 414	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic s7-300 cpu 315-2 pn	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic s7-300 cpu 315f-2 dp	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic s7-400 cpu 412	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic s7-300 cpu 312	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic s7-400 cpu 417	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic s7-300 cpu 317f-2 pn	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic s7-300 cpu 317f-2 dp	scope:	eq	version:	*	Trust: 1.0
vendor:	シーメンス	model:	s7-300 cpu 317-2 pn	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	s7-300 cpu 317-2 dp	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	s7-300 cpu 317f-2 pn	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	s7-300 cpu 315-2 pn	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	s7-300 cpu 312	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	s7-300 cpu 315f-2 dp	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic s7-300 cpu 314	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic s7-300 cpu 315-2 dp	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	s7-300 cpu 317f-2 dp	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	s7-300 cpu 315f-2 pn	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-400 cpu family	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	simatic s7-300 cpu family	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2020-51248 // JVNDB: JVNDB-2020-010875 // NVD: CVE-2020-15791

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-15791
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-15791
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-51248
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202009-508
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2020-15791
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2020-15791
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2020-51248
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:A/AC:H/AU:N/C:C/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.2
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-15791
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2020-15791
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-51248 // VULMON: CVE-2020-15791 // JVNDB: JVNDB-2020-010875 // CNNVD: CNNVD-202009-508 // NVD: CVE-2020-15791

PROBLEMTYPE DATA

problemtype:	CWE-522	Trust: 1.0
problemtype:	Inadequate protection of credentials (CWE-522) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-010875 // NVD: CVE-2020-15791

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202009-508

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202009-508

PATCH

title:	SSA-381684	url:	https://cert-portal.siemens.com/productcert/pdf/ssa-381684.pdf	Trust: 0.8
title:	Patch for Vulnerability of improper password protection during authentication of multiple Siemens products	url:	https://www.cnvd.org.cn/patchInfo/show/233326	Trust: 0.6
title:	Siemens PLC Repair measures for insufficient authentication vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=127927	Trust: 0.6
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=988139e7cf44fe26068389e074427cdd	Trust: 0.1
title:	-	url:	https://github.com/vishaalmehta1/VCUCybersecurityClub	Trust: 0.1

sources: CNVD: CNVD-2020-51248 // VULMON: CVE-2020-15791 // JVNDB: JVNDB-2020-010875 // CNNVD: CNNVD-202009-508

EXTERNAL IDS

db:	NVD	id:	CVE-2020-15791	Trust: 3.9
db:	SIEMENS	id:	SSA-381684	Trust: 2.3
db:	ICS CERT	id:	ICSA-20-252-02	Trust: 1.4
db:	JVN	id:	JVNVU94568336	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-010875	Trust: 0.8
db:	CNVD	id:	CNVD-2020-51248	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3077	Trust: 0.6
db:	CNNVD	id:	CNNVD-202009-508	Trust: 0.6
db:	VULMON	id:	CVE-2020-15791	Trust: 0.1

sources: CNVD: CNVD-2020-51248 // VULMON: CVE-2020-15791 // JVNDB: JVNDB-2020-010875 // CNNVD: CNNVD-202009-508 // NVD: CVE-2020-15791

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-381684.pdf	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15791	Trust: 1.4
url:	https://us-cert.cisa.gov/ics/advisories/icsa-20-252-02	Trust: 1.4
url:	https://jvn.jp/vu/jvnvu94568336/index.html	Trust: 0.8
url:	https://vigilance.fr/vulnerability/siemens-simatic-s7-300-s7-400-information-disclosure-via-iso-tsap-password-33283	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3077/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/522.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/vishaalmehta1/vcucybersecurityclub	Trust: 0.1
url:	https://cert-portal.siemens.com/productcert/txt/ssa-381684.txt	Trust: 0.1

sources: CNVD: CNVD-2020-51248 // VULMON: CVE-2020-15791 // JVNDB: JVNDB-2020-010875 // CNNVD: CNNVD-202009-508 // NVD: CVE-2020-15791

SOURCES

db:	CNVD	id:	CNVD-2020-51248
db:	VULMON	id:	CVE-2020-15791
db:	JVNDB	id:	JVNDB-2020-010875
db:	CNNVD	id:	CNNVD-202009-508
db:	NVD	id:	CVE-2020-15791

LAST UPDATE DATE

2024-08-14T12:23:25.763000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-51248	date:	2020-09-10T00:00:00
db:	VULMON	id:	CVE-2020-15791	date:	2020-12-14T00:00:00
db:	JVNDB	id:	JVNDB-2020-010875	date:	2022-03-11T06:04:00
db:	CNNVD	id:	CNNVD-202009-508	date:	2021-01-05T00:00:00
db:	NVD	id:	CVE-2020-15791	date:	2020-12-14T22:15:14.737

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-51248	date:	2020-09-10T00:00:00
db:	VULMON	id:	CVE-2020-15791	date:	2020-09-09T00:00:00
db:	JVNDB	id:	JVNDB-2020-010875	date:	2021-02-12T00:00:00
db:	CNNVD	id:	CNNVD-202009-508	date:	2020-09-08T00:00:00
db:	NVD	id:	CVE-2020-15791	date:	2020-09-09T19:15:20.663