ID

VAR-202009-0573


CVE

CVE-2020-15791


TITLE

Inadequate protection of credentials in multiple Siemens products

Trust: 0.8

sources: JVNDB: JVNDB-2020-010875

DESCRIPTION

A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions), SINUMERIK 840D sl (All versions). The authentication protocol between a client and a PLC via port 102/tcp (ISO-TSAP) insufficiently protects the transmitted password. This could allow an attacker that is able to intercept the network traffic to obtain valid PLC credentials. Several Siemens products contain vulnerabilities to inadequate protection of credentials.Information may be obtained. Siemens SIMATIC S7-300 CPU is a modular universal controller of Siemens (Siemens) for the manufacturing industry. Products in the Siemens SIMATIC S7-400 CPU series have been designed for process control in an industrial environment

Trust: 2.25

sources: NVD: CVE-2020-15791 // JVNDB: JVNDB-2020-010875 // CNVD: CNVD-2020-51248 // VULMON: CVE-2020-15791

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-51248

AFFECTED PRODUCTS

vendor:siemensmodel:simatic s7-400 cpu 416scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic s7-300 cpu 314scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic s7-300 cpu 317-2 pnscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic s7-300 cpu 315f-2 pnscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic s7-300 cpu 317-2 dpscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic s7-300 cpu 315-2 dpscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic s7-400 cpu 414scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic s7-300 cpu 315-2 pnscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic s7-300 cpu 315f-2 dpscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic s7-400 cpu 412scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic s7-300 cpu 312scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic s7-400 cpu 417scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic s7-300 cpu 317f-2 pnscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic s7-300 cpu 317f-2 dpscope:eqversion:*

Trust: 1.0

vendor:シーメンスmodel:s7-300 cpu 317-2 pnscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:s7-300 cpu 317-2 dpscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:s7-300 cpu 317f-2 pnscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:s7-300 cpu 315-2 pnscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:s7-300 cpu 312scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:s7-300 cpu 315f-2 dpscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic s7-300 cpu 314scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic s7-300 cpu 315-2 dpscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:s7-300 cpu 317f-2 dpscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:s7-300 cpu 315f-2 pnscope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic s7-400 cpu familyscope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic s7-300 cpu familyscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-51248 // JVNDB: JVNDB-2020-010875 // NVD: CVE-2020-15791

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-15791
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-15791
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-51248
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202009-508
value: MEDIUM

Trust: 0.6

VULMON: CVE-2020-15791
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-15791
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2020-51248
severity: MEDIUM
baseScore: 4.6
vectorString: AV:A/AC:H/AU:N/C:C/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.2
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-15791
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2020-15791
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-51248 // VULMON: CVE-2020-15791 // JVNDB: JVNDB-2020-010875 // CNNVD: CNNVD-202009-508 // NVD: CVE-2020-15791

PROBLEMTYPE DATA

problemtype:CWE-522

Trust: 1.0

problemtype:Inadequate protection of credentials (CWE-522) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-010875 // NVD: CVE-2020-15791

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202009-508

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202009-508

PATCH

title:SSA-381684url:https://cert-portal.siemens.com/productcert/pdf/ssa-381684.pdf

Trust: 0.8

title:Patch for Vulnerability of improper password protection during authentication of multiple Siemens productsurl:https://www.cnvd.org.cn/patchInfo/show/233326

Trust: 0.6

title:Siemens PLC Repair measures for insufficient authentication vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=127927

Trust: 0.6

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=988139e7cf44fe26068389e074427cdd

Trust: 0.1

title: - url:https://github.com/vishaalmehta1/VCUCybersecurityClub

Trust: 0.1

sources: CNVD: CNVD-2020-51248 // VULMON: CVE-2020-15791 // JVNDB: JVNDB-2020-010875 // CNNVD: CNNVD-202009-508

EXTERNAL IDS

db:NVDid:CVE-2020-15791

Trust: 3.9

db:SIEMENSid:SSA-381684

Trust: 2.3

db:ICS CERTid:ICSA-20-252-02

Trust: 1.4

db:JVNid:JVNVU94568336

Trust: 0.8

db:JVNDBid:JVNDB-2020-010875

Trust: 0.8

db:CNVDid:CNVD-2020-51248

Trust: 0.6

db:AUSCERTid:ESB-2020.3077

Trust: 0.6

db:CNNVDid:CNNVD-202009-508

Trust: 0.6

db:VULMONid:CVE-2020-15791

Trust: 0.1

sources: CNVD: CNVD-2020-51248 // VULMON: CVE-2020-15791 // JVNDB: JVNDB-2020-010875 // CNNVD: CNNVD-202009-508 // NVD: CVE-2020-15791

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-381684.pdf

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-15791

Trust: 1.4

url:https://us-cert.cisa.gov/ics/advisories/icsa-20-252-02

Trust: 1.4

url:https://jvn.jp/vu/jvnvu94568336/index.html

Trust: 0.8

url:https://vigilance.fr/vulnerability/siemens-simatic-s7-300-s7-400-information-disclosure-via-iso-tsap-password-33283

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3077/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/522.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/vishaalmehta1/vcucybersecurityclub

Trust: 0.1

url:https://cert-portal.siemens.com/productcert/txt/ssa-381684.txt

Trust: 0.1

sources: CNVD: CNVD-2020-51248 // VULMON: CVE-2020-15791 // JVNDB: JVNDB-2020-010875 // CNNVD: CNNVD-202009-508 // NVD: CVE-2020-15791

SOURCES

db:CNVDid:CNVD-2020-51248
db:VULMONid:CVE-2020-15791
db:JVNDBid:JVNDB-2020-010875
db:CNNVDid:CNNVD-202009-508
db:NVDid:CVE-2020-15791

LAST UPDATE DATE

2024-08-14T12:23:25.763000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-51248date:2020-09-10T00:00:00
db:VULMONid:CVE-2020-15791date:2020-12-14T00:00:00
db:JVNDBid:JVNDB-2020-010875date:2022-03-11T06:04:00
db:CNNVDid:CNNVD-202009-508date:2021-01-05T00:00:00
db:NVDid:CVE-2020-15791date:2020-12-14T22:15:14.737

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-51248date:2020-09-10T00:00:00
db:VULMONid:CVE-2020-15791date:2020-09-09T00:00:00
db:JVNDBid:JVNDB-2020-010875date:2021-02-12T00:00:00
db:CNNVDid:CNNVD-202009-508date:2020-09-08T00:00:00
db:NVDid:CVE-2020-15791date:2020-09-09T19:15:20.663