ID

VAR-202103-0210


CVE

CVE-2020-27632


TITLE

SIMATIC MV400 family  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-016226

DESCRIPTION

In SIMATIC MV400 family versions prior to v7.0.6, the ISN generator is initialized with a constant value and has constant increments. An attacker could predict and hijack TCP sessions. SIMATIC MV400 family Exists in unspecified vulnerabilities.Information may be tampered with. Siemens SIMATIC MV400 is an industrial equipment of Germany's Siemens (Siemens) company. Used for optical identification. The Siemens SIMATIC MV400 series TCP protocol stack has security vulnerabilities

Trust: 2.7

sources: NVD: CVE-2020-27632 // JVNDB: JVNDB-2020-016226 // CNVD: CNVD-2021-16442 // CNNVD: CNNVD-202102-1076

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-16442

AFFECTED PRODUCTS

vendor:siemensmodel:simatic mv440scope:ltversion:7.0.6

Trust: 1.0

vendor:siemensmodel:simatic mv420scope:ltversion:7.0.6

Trust: 1.0

vendor:シーメンスmodel:simatic ident mv440 familyscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic ident mv420 familyscope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic mv400 familyscope:ltversion:7.0.6

Trust: 0.6

sources: CNVD: CNVD-2021-16442 // JVNDB: JVNDB-2020-016226 // NVD: CVE-2020-27632

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-27632
value: HIGH

Trust: 1.0

NVD: CVE-2020-27632
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-16442
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202102-1076
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-27632
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2021-16442
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:C/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-27632
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2020-27632
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-16442 // JVNDB: JVNDB-2020-016226 // CNNVD: CNNVD-202102-1076 // NVD: CVE-2020-27632

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-016226 // NVD: CVE-2020-27632

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202102-1076

TYPE

security feature problem

Trust: 0.6

sources: CNNVD: CNNVD-202102-1076

PATCH

title:SSA-599268url:https://cert-portal.siemens.com/productcert/pdf/ssa-599268.pdf

Trust: 0.8

title:Repair measures for security feature vulnerabilities of multiple productsurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142809

Trust: 0.6

sources: JVNDB: JVNDB-2020-016226 // CNNVD: CNNVD-202102-1076

EXTERNAL IDS

db:NVDid:CVE-2020-27632

Trust: 3.8

db:ICS CERTid:ICSA-21-042-01

Trust: 2.4

db:SIEMENSid:SSA-599268

Trust: 2.2

db:ICS CERTid:ICSA-21-068-07

Trust: 1.4

db:JVNid:JVNVU93441670

Trust: 0.8

db:JVNid:JVNVU90767599

Trust: 0.8

db:JVNDBid:JVNDB-2020-016226

Trust: 0.8

db:CNVDid:CNVD-2021-16442

Trust: 0.6

db:AUSCERTid:ESB-2021.0852

Trust: 0.6

db:AUSCERTid:ESB-2021.0538

Trust: 0.6

db:CNNVDid:CNNVD-202102-1076

Trust: 0.6

sources: CNVD: CNVD-2021-16442 // JVNDB: JVNDB-2020-016226 // CNNVD: CNNVD-202102-1076 // NVD: CVE-2020-27632

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-599268.pdf

Trust: 2.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-27632

Trust: 1.4

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-042-01

Trust: 1.4

url:https://www.cisa.gov/news-events/ics-advisories/icsa-21-042-01

Trust: 1.0

url:https://www.forescout.com/resources/numberjack-weak-isn-generation-in-embedded-tcpip-stacks/

Trust: 1.0

url:http://jvn.jp/vu/jvnvu90767599/index.html

Trust: 0.8

url:https://jvn.jp/vu/jvnvu93441670/index.html

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-21-068-07

Trust: 0.8

url:https://vigilance.fr/vulnerability/siemens-simatic-mv400-two-vulnerabilities-via-tcp-stack-34783

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0852

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0538

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-068-07

Trust: 0.6

sources: CNVD: CNVD-2021-16442 // JVNDB: JVNDB-2020-016226 // CNNVD: CNNVD-202102-1076 // NVD: CVE-2020-27632

CREDITS

and Amine Amri of Forescout Research Labs reported these vulnerabilities to CISA., Stanislav Dashevskyi,Daniel dos Santos, Jos Wetzels

Trust: 0.6

sources: CNNVD: CNNVD-202102-1076

SOURCES

db:CNVDid:CNVD-2021-16442
db:JVNDBid:JVNDB-2020-016226
db:CNNVDid:CNNVD-202102-1076
db:NVDid:CVE-2020-27632

LAST UPDATE DATE

2024-09-13T21:52:52.217000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2021-16442date:2021-03-23T00:00:00
db:JVNDBid:JVNDB-2020-016226date:2024-09-12T07:19:00
db:CNNVDid:CNNVD-202102-1076date:2021-11-12T00:00:00
db:NVDid:CVE-2020-27632date:2023-10-10T17:15:10.510

SOURCES RELEASE DATE

db:CNVDid:CNVD-2021-16442date:2021-03-11T00:00:00
db:JVNDBid:JVNDB-2020-016226date:2021-11-15T00:00:00
db:CNNVDid:CNNVD-202102-1076date:2021-02-11T00:00:00
db:NVDid:CVE-2020-27632date:2021-03-10T18:15:12.797