Sign-up

ID

VAR-202012-0840


CVE

CVE-2020-28396


TITLE

plural  SICAM  Product protection mechanism defect vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-014388

DESCRIPTION

A vulnerability has been identified in SICAM A8000 CP-8000 (All versions < V16), SICAM A8000 CP-8021 (All versions < V16), SICAM A8000 CP-8022 (All versions < V16). A web server misconfiguration of the affected device can cause insecure ciphers usage by a user´s browser. An attacker in a privileged position could decrypt the communication and compromise confidentiality and integrity of the transmitted information. SICAM A8000 CP-8000 , SICAM A8000 CP-8021 , SICAM A8000 CP-8022 There is a vulnerability related to a defect in the protection mechanism.Information may be obtained and information may be tampered with. The SIEMENS SICAM A8000 RTUs (Remote Terminal Equipment) series is a modular equipment series for remote control and automation applications in all energy supply fields. SIEMENS SICAM A8000 RTUs have security vulnerabilities

Trust: 2.16

sources: NVD: CVE-2020-28396 // JVNDB: JVNDB-2020-014388 // CNVD: CNVD-2020-70926

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-70926

AFFECTED PRODUCTS

vendor:siemensmodel:sicam a8000 cp-8022scope:ltversion:16

Trust: 1.0

vendor:siemensmodel:sicam a8000 cp-8000scope:ltversion:16

Trust: 1.0

vendor:siemensmodel:sicam a8000 cp-8021scope:ltversion:16

Trust: 1.0

vendor:シーメンスmodel:sicam a8000 cp-8000scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:sicam a8000 cp-8021scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:sicam a8000 cp-8022scope: - version: -

Trust: 0.8

vendor:siemensmodel:sicam a8000 cp-8000scope:ltversion:v16

Trust: 0.6

vendor:siemensmodel:sicam a8000 cp-8021scope:ltversion:v16

Trust: 0.6

vendor:siemensmodel:sicam a8000 cp-8022scope:ltversion:v16

Trust: 0.6

sources: CNVD: CNVD-2020-70926 // JVNDB: JVNDB-2020-014388 // NVD: CVE-2020-28396

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-28396
value: HIGH

Trust: 1.0

NVD: CVE-2020-28396
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-70926
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202012-707
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-28396
severity: MEDIUM
baseScore: 4.9
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-70926
severity: HIGH
baseScore: 9.4
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-28396
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.1
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2020-28396
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-70926 // JVNDB: JVNDB-2020-014388 // CNNVD: CNNVD-202012-707 // NVD: CVE-2020-28396

PROBLEMTYPE DATA

problemtype:CWE-327

Trust: 1.0

problemtype:CWE-693

Trust: 1.0

problemtype:Malfunction of protection mechanism (CWE-693) [ Other ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-014388 // NVD: CVE-2020-28396

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202012-707

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202012-707

PATCH

title:SSA-415783url:https://cert-portal.siemens.com/productcert/pdf/ssa-415783.pdf

Trust: 0.8

title:Siemens SICAM A8000 RTUs SSL configuration insecure vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/241885

Trust: 0.6

title:Siemens SICAM A8000 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=136206

Trust: 0.6

sources: CNVD: CNVD-2020-70926 // JVNDB: JVNDB-2020-014388 // CNNVD: CNNVD-202012-707

EXTERNAL IDS

db:NVDid:CVE-2020-28396

Trust: 3.0

db:SIEMENSid:SSA-415783

Trust: 2.2

db:ZDIid:ZDI-21-062

Trust: 1.6

db:JVNid:JVNVU90453244

Trust: 0.8

db:JVNDBid:JVNDB-2020-014388

Trust: 0.8

db:CNVDid:CNVD-2020-70926

Trust: 0.6

db:AUSCERTid:ESB-2020.4359

Trust: 0.6

db:ICS CERTid:ICSA-20-343-07

Trust: 0.6

db:CNNVDid:CNNVD-202012-707

Trust: 0.6

sources: CNVD: CNVD-2020-70926 // JVNDB: JVNDB-2020-014388 // CNNVD: CNNVD-202012-707 // NVD: CVE-2020-28396

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-415783.pdf

Trust: 2.2

url:https://www.zerodayinitiative.com/advisories/zdi-21-062/

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-28396

Trust: 1.4

url:https://jvn.jp/vu/jvnvu90453244/index.html

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.4359/

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-20-343-07

Trust: 0.6

sources: CNVD: CNVD-2020-70926 // JVNDB: JVNDB-2020-014388 // CNNVD: CNNVD-202012-707 // NVD: CVE-2020-28396

SOURCES

db:CNVDid:CNVD-2020-70926
db:JVNDBid:JVNDB-2020-014388
db:CNNVDid:CNNVD-202012-707
db:NVDid:CVE-2020-28396

LAST UPDATE DATE

2024-11-23T19:40:48.166000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-70926date:2020-12-12T00:00:00
db:JVNDBid:JVNDB-2020-014388date:2021-08-17T08:16:00
db:CNNVDid:CNNVD-202012-707date:2022-08-10T00:00:00
db:NVDid:CVE-2020-28396date:2024-11-21T05:22:43.117

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-70926date:2020-12-11T00:00:00
db:JVNDBid:JVNDB-2020-014388date:2021-08-17T00:00:00
db:CNNVDid:CNNVD-202012-707date:2020-12-08T00:00:00
db:NVDid:CVE-2020-28396date:2020-12-14T21:15:21.067