ID

VAR-202105-0073


CVE

CVE-2020-15782


TITLE

Buffer error vulnerabilities in multiple Siemens products

Trust: 0.8

sources: JVNDB: JVNDB-2021-007649

DESCRIPTION

A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions < V21.9), SIMATIC S7-PLCSIM Advanced (All versions < V4.0), SINAMICS PERFECT HARMONY GH180 Drives (Drives manufactured before 2021-08-13), SINUMERIK MC (All versions < V6.15), SINUMERIK ONE (All versions < V6.15). Affected devices are vulnerable to a memory protection bypass through a specific operation. A remote unauthenticated attacker with network access to port 102/tcp could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks. Multiple Siemens products contain buffer error vulnerabilities.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Siemens SIMATIC S7-1200 and S7-1500 CPU series products are designed for discrete and continuous control in industrial environments, such as global manufacturing, food and beverage, and chemical industries. The Siemens SIMATIC S7-1200 and S7-1500 CPU series have security vulnerabilities. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.79

sources: NVD: CVE-2020-15782 // JVNDB: JVNDB-2021-007649 // CNVD: CNVD-2021-37944 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2020-15782

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-37944

AFFECTED PRODUCTS

vendor:siemensmodel:s7-1200 cpuscope:ltversion:4.5.0

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 software controllerscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:s7-1500 cpuscope:ltversion:2.9.2

Trust: 1.0

vendor:siemensmodel:simatic s7-plcsim advancedscope:ltversion:4.0

Trust: 1.0

vendor:siemensmodel:simatic driver controllerscope:ltversion:2.9.2

Trust: 1.0

vendor:siemensmodel:et 200sp open controllerscope:eqversion:*

Trust: 1.0

vendor:シーメンスmodel:simatic s7-1500 cpuscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic s7-1500 software controllerscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic s7-plcsim advancedscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic et 200sp open controllerscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic s7-1200 cpuscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic driver controllerscope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic drive controller familyscope:ltversion:v2.9.2

Trust: 0.6

vendor:siemensmodel:simatic s7-1500 software controllerscope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic s7-plcsim advancedscope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic s7-1500 cpu familyscope:ltversion:v2.9.2

Trust: 0.6

vendor:siemensmodel:simatic s7-1200 cpu familyscope:ltversion:v4.5.0

Trust: 0.6

vendor:siemensmodel:simatic et 200sp open controller cpu 1515sp pcscope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic et 200sp open controller cpu 1515sp pc2scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2021-37944 // JVNDB: JVNDB-2021-007649 // NVD: CVE-2020-15782

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-15782
value: CRITICAL

Trust: 1.0

NVD: CVE-2020-15782
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2021-37944
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202105-1957
value: CRITICAL

Trust: 0.6

VULMON: CVE-2020-15782
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-15782
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2021-37944
severity: HIGH
baseScore: 7.6
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-15782
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-15782
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-37944 // VULMON: CVE-2020-15782 // JVNDB: JVNDB-2021-007649 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1957 // NVD: CVE-2020-15782

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.0

problemtype:Buffer error (CWE-119) [ Other ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-007649 // NVD: CVE-2020-15782

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202105-1957

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:SSA-434536url:https://cert-portal.siemens.com/productcert/pdf/ssa-434534.pdf

Trust: 0.8

title:Patch for Siemens SIMATIC S7-1200 and S7-1500 CPU series memory protection bypass vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/269101

Trust: 0.6

title:Siemens SIMATIC Repair measures for buffer errors and vulnerabilities in many productsurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=153864

Trust: 0.6

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=7584f4eb43b539d25d824fb015a2cf5a

Trust: 0.1

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=a901d703a0d80e4b3488817a077f83d4

Trust: 0.1

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=616f1ddfa275fcc72669b5a7b8153f51

Trust: 0.1

sources: CNVD: CNVD-2021-37944 // VULMON: CVE-2020-15782 // JVNDB: JVNDB-2021-007649 // CNNVD: CNNVD-202105-1957

EXTERNAL IDS

db:NVDid:CVE-2020-15782

Trust: 3.9

db:SIEMENSid:SSA-434534

Trust: 2.3

db:SIEMENSid:SSA-434535

Trust: 1.7

db:SIEMENSid:SSA-434536

Trust: 1.7

db:JVNDBid:JVNDB-2021-007649

Trust: 0.8

db:CNVDid:CNVD-2021-37944

Trust: 0.6

db:CS-HELPid:SB2021041363

Trust: 0.6

db:CNNVDid:CNNVD-202104-975

Trust: 0.6

db:ICS CERTid:ICSA-21-152-01

Trust: 0.6

db:ICS CERTid:ICSA-21-194-17

Trust: 0.6

db:CS-HELPid:SB2021071418

Trust: 0.6

db:CS-HELPid:SB2021053102

Trust: 0.6

db:AUSCERTid:ESB-2021.1900

Trust: 0.6

db:CNNVDid:CNNVD-202105-1957

Trust: 0.6

db:VULMONid:CVE-2020-15782

Trust: 0.1

sources: CNVD: CNVD-2021-37944 // VULMON: CVE-2020-15782 // JVNDB: JVNDB-2021-007649 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1957 // NVD: CVE-2020-15782

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-434534.pdf

Trust: 2.3

url:https://cert-portal.siemens.com/productcert/pdf/ssa-434536.pdf

Trust: 1.7

url:https://cert-portal.siemens.com/productcert/pdf/ssa-434535.pdf

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-15782

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-152-01

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021071418

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021053102

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-194-17

Trust: 0.6

url:https://vigilance.fr/vulnerability/simatic-read-write-access-via-memory-protection-bypass-35564

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1900

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/119.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://cert-portal.siemens.com/productcert/txt/ssa-434534.txt

Trust: 0.1

sources: CNVD: CNVD-2021-37944 // VULMON: CVE-2020-15782 // JVNDB: JVNDB-2021-007649 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1957 // NVD: CVE-2020-15782

CREDITS

Tal Keren from Claroty reported this vulnerability to Siemens.

Trust: 0.6

sources: CNNVD: CNNVD-202105-1957

SOURCES

db:CNVDid:CNVD-2021-37944
db:VULMONid:CVE-2020-15782
db:JVNDBid:JVNDB-2021-007649
db:CNNVDid:CNNVD-202104-975
db:CNNVDid:CNNVD-202105-1957
db:NVDid:CVE-2020-15782

LAST UPDATE DATE

2024-08-14T12:10:27.092000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2021-37944date:2021-05-31T00:00:00
db:VULMONid:CVE-2020-15782date:2021-07-13T00:00:00
db:JVNDBid:JVNDB-2021-007649date:2022-02-18T09:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:CNNVDid:CNNVD-202105-1957date:2021-09-15T00:00:00
db:NVDid:CVE-2020-15782date:2021-09-14T11:15:16.220

SOURCES RELEASE DATE

db:CNVDid:CNVD-2021-37944date:2021-05-31T00:00:00
db:VULMONid:CVE-2020-15782date:2021-05-28T00:00:00
db:JVNDBid:JVNDB-2021-007649date:2022-02-18T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:CNNVDid:CNNVD-202105-1957date:2021-05-28T00:00:00
db:NVDid:CVE-2020-15782date:2021-05-28T16:15:07.790