Details of VAR-202105-0073

ID

VAR-202105-0073

CVE

CVE-2020-15782

TITLE

Buffer error vulnerabilities in multiple Siemens products

Trust: 0.8

sources: JVNDB: JVNDB-2021-007649

DESCRIPTION

A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions < V21.9), SIMATIC S7-PLCSIM Advanced (All versions < V4.0), SINAMICS PERFECT HARMONY GH180 Drives (Drives manufactured before 2021-08-13), SINUMERIK MC (All versions < V6.15), SINUMERIK ONE (All versions < V6.15). Affected devices are vulnerable to a memory protection bypass through a specific operation. A remote unauthenticated attacker with network access to port 102/tcp could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks. Multiple Siemens products contain buffer error vulnerabilities.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Siemens SIMATIC S7-1200 and S7-1500 CPU series products are designed for discrete and continuous control in industrial environments, such as global manufacturing, food and beverage, and chemical industries. The Siemens SIMATIC S7-1200 and S7-1500 CPU series have security vulnerabilities. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.79

sources: NVD: CVE-2020-15782 // JVNDB: JVNDB-2021-007649 // CNVD: CNVD-2021-37944 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2020-15782

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-37944

AFFECTED PRODUCTS

vendor:	siemens	model:	s7-1200 cpu	scope:	lt	version:	4.5.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 software controller	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	s7-1500 cpu	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	simatic s7-plcsim advanced	scope:	lt	version:	4.0	Trust: 1.0
vendor:	siemens	model:	simatic driver controller	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	et 200sp open controller	scope:	eq	version:	*	Trust: 1.0
vendor:	シーメンス	model:	simatic s7-1500 cpu	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic s7-1500 software controller	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic s7-plcsim advanced	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic et 200sp open controller	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic s7-1200 cpu	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic driver controller	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic drive controller family	scope:	lt	version:	v2.9.2	Trust: 0.6
vendor:	siemens	model:	simatic s7-1500 software controller	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	simatic s7-plcsim advanced	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	simatic s7-1500 cpu family	scope:	lt	version:	v2.9.2	Trust: 0.6
vendor:	siemens	model:	simatic s7-1200 cpu family	scope:	lt	version:	v4.5.0	Trust: 0.6
vendor:	siemens	model:	simatic et 200sp open controller cpu 1515sp pc	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	simatic et 200sp open controller cpu 1515sp pc2	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2021-37944 // JVNDB: JVNDB-2021-007649 // NVD: CVE-2020-15782

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-15782
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2020-15782
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2021-37944
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202105-1957
value:	CRITICAL
Trust: 0.6
VULMON:	CVE-2020-15782
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-15782
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2021-37944
severity:	HIGH
baseScore:	7.6
vectorString:	AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	4.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-15782
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-15782
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-37944 // VULMON: CVE-2020-15782 // JVNDB: JVNDB-2021-007649 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1957 // NVD: CVE-2020-15782

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.0
problemtype:	Buffer error (CWE-119) [ Other ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-007649 // NVD: CVE-2020-15782

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202105-1957

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:	SSA-434536	url:	https://cert-portal.siemens.com/productcert/pdf/ssa-434534.pdf	Trust: 0.8
title:	Patch for Siemens SIMATIC S7-1200 and S7-1500 CPU series memory protection bypass vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/269101	Trust: 0.6
title:	Siemens SIMATIC Repair measures for buffer errors and vulnerabilities in many products	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=153864	Trust: 0.6
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=7584f4eb43b539d25d824fb015a2cf5a	Trust: 0.1
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=a901d703a0d80e4b3488817a077f83d4	Trust: 0.1
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=616f1ddfa275fcc72669b5a7b8153f51	Trust: 0.1

sources: CNVD: CNVD-2021-37944 // VULMON: CVE-2020-15782 // JVNDB: JVNDB-2021-007649 // CNNVD: CNNVD-202105-1957

EXTERNAL IDS

db:	NVD	id:	CVE-2020-15782	Trust: 3.9
db:	SIEMENS	id:	SSA-434534	Trust: 2.3
db:	SIEMENS	id:	SSA-434535	Trust: 1.7
db:	SIEMENS	id:	SSA-434536	Trust: 1.7
db:	JVNDB	id:	JVNDB-2021-007649	Trust: 0.8
db:	CNVD	id:	CNVD-2021-37944	Trust: 0.6
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	ICS CERT	id:	ICSA-21-152-01	Trust: 0.6
db:	ICS CERT	id:	ICSA-21-194-17	Trust: 0.6
db:	CS-HELP	id:	SB2021071418	Trust: 0.6
db:	CS-HELP	id:	SB2021053102	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1900	Trust: 0.6
db:	CNNVD	id:	CNNVD-202105-1957	Trust: 0.6
db:	VULMON	id:	CVE-2020-15782	Trust: 0.1

sources: CNVD: CNVD-2021-37944 // VULMON: CVE-2020-15782 // JVNDB: JVNDB-2021-007649 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1957 // NVD: CVE-2020-15782

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-434534.pdf	Trust: 2.3
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-434536.pdf	Trust: 1.7
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-434535.pdf	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15782	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-152-01	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021071418	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021053102	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-194-17	Trust: 0.6
url:	https://vigilance.fr/vulnerability/simatic-read-write-access-via-memory-protection-bypass-35564	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1900	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://cert-portal.siemens.com/productcert/txt/ssa-434534.txt	Trust: 0.1

sources: CNVD: CNVD-2021-37944 // VULMON: CVE-2020-15782 // JVNDB: JVNDB-2021-007649 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1957 // NVD: CVE-2020-15782

CREDITS

Tal Keren from Claroty reported this vulnerability to Siemens.

Trust: 0.6

sources: CNNVD: CNNVD-202105-1957

SOURCES

db:	CNVD	id:	CNVD-2021-37944
db:	VULMON	id:	CVE-2020-15782
db:	JVNDB	id:	JVNDB-2021-007649
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202105-1957
db:	NVD	id:	CVE-2020-15782

LAST UPDATE DATE

2024-08-14T12:10:27.092000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-37944	date:	2021-05-31T00:00:00
db:	VULMON	id:	CVE-2020-15782	date:	2021-07-13T00:00:00
db:	JVNDB	id:	JVNDB-2021-007649	date:	2022-02-18T09:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202105-1957	date:	2021-09-15T00:00:00
db:	NVD	id:	CVE-2020-15782	date:	2021-09-14T11:15:16.220

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-37944	date:	2021-05-31T00:00:00
db:	VULMON	id:	CVE-2020-15782	date:	2021-05-28T00:00:00
db:	JVNDB	id:	JVNDB-2021-007649	date:	2022-02-18T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202105-1957	date:	2021-05-28T00:00:00
db:	NVD	id:	CVE-2020-15782	date:	2021-05-28T16:15:07.790