ID

VAR-202108-2236


CVE

CVE-2020-28397


TITLE

Fraudulent authentication vulnerabilities in multiple Siemens products

Trust: 0.8

sources: JVNDB: JVNDB-2021-010547

DESCRIPTION

A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7 PLCSIM Advanced (All versions > V2 < V4), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (Version V4.4), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions > V2.5 < V2.9.2), SIMATIC S7-1500 Software Controller (All versions > V2.5 < V21.9), TIM 1531 IRC (incl. SIPLUS NET variants) (Version V2.1). Due to an incorrect authorization check in the affected component, an attacker could extract information about access protected PLC program variables over port 102/tcp from an affected device when reading multiple attributes at once. Multiple Siemens products contain fraudulent authentication vulnerabilities.Information may be obtained. Siemens SIMATIC S7-1500 CPU and SIMATIC S7-1500 are the products of Germany Siemens (Siemens) company. The SIMATIC S7-1500 CPU is a CPU (Central Processing Unit) module. The SIMATIC S7-1500 is a programmable logic controller. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.79

sources: NVD: CVE-2020-28397 // JVNDB: JVNDB-2021-010547 // CNVD: CNVD-2021-61122 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2020-28397

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-61122

AFFECTED PRODUCTS

vendor:siemensmodel:siplus cpu 1518f-4 pn\/dpscope:ltversion:2.9.2

Trust: 1.0

vendor:siemensmodel:cpu 1515-2scope:ltversion:2.9.2

Trust: 1.0

vendor:siemensmodel:siplus cpu-1516f-3 pn\/dpscope:ltversion:2.9.2

Trust: 1.0

vendor:siemensmodel:cpu 1507d tfscope:ltversion:2.9.2

Trust: 1.0

vendor:siemensmodel:cpu 1516pro-2 pnscope:ltversion:2.9.2

Trust: 1.0

vendor:siemensmodel:cpu 1515-2scope:gteversion:2.5

Trust: 1.0

vendor:siemensmodel:cpu 1515f-2scope:ltversion:2.9.2

Trust: 1.0

vendor:siemensmodel:siplus cpu 1518-4 pn\/dpscope:ltversion:2.9.2

Trust: 1.0

vendor:siemensmodel:cpu 1517f-3 pn\/dpscope:ltversion:2.9.2

Trust: 1.0

vendor:siemensmodel:cpu 1510sp-1pnscope:gteversion:2.5

Trust: 1.0

vendor:siemensmodel:cpu 1215cscope:eqversion:4.4

Trust: 1.0

vendor:siemensmodel:cpu 1515t-2 pnscope:gteversion:2.5

Trust: 1.0

vendor:siemensmodel:cpu 1511tf-1pnscope:gteversion:2.5

Trust: 1.0

vendor:siemensmodel:cpu 1212cscope:eqversion:4.4

Trust: 1.0

vendor:siemensmodel:cpu 1217cscope:eqversion:4.4

Trust: 1.0

vendor:siemensmodel:cpu 1215fcscope:eqversion:4.4

Trust: 1.0

vendor:siemensmodel:siplus cpu 1513f-1 pnscope:ltversion:2.9.2

Trust: 1.0

vendor:siemensmodel:siplus cpu 1513-1 pnscope:ltversion:2.9.2

Trust: 1.0

vendor:siemensmodel:siplus cpu 1511f-1 pnscope:gteversion:2.5

Trust: 1.0

vendor:siemensmodel:cpu 1517tf-3 pn\/dpscope:gteversion:2.5

Trust: 1.0

vendor:siemensmodel:siplus cpu 1512sp f-1pnscope:ltversion:2.9.2

Trust: 1.0

vendor:siemensmodel:cpu 1516tf-3 pn\/dpscope:gteversion:2.5

Trust: 1.0

vendor:siemensmodel:cpu 1513pro f-2 pnscope:gteversion:2.5

Trust: 1.0

vendor:siemensmodel:cpu 1515r-2 pnscope:gteversion:2.5

Trust: 1.0

vendor:siemensmodel:cpu 1512sp-1 pnscope:gteversion:2.5

Trust: 1.0

vendor:siemensmodel:cpu 1516t-3 pn\/dpscope:gteversion:2.5

Trust: 1.0

vendor:siemensmodel:siplus cpu 1512sp f-1pnscope:gteversion:2.5

Trust: 1.0

vendor:siemensmodel:siplus cpu 1516-3 pn\/dpscope:ltversion:2.9.2

Trust: 1.0

vendor:siemensmodel:cpu 1212fcscope:eqversion:4.4

Trust: 1.0

vendor:siemensmodel:cpu 1515tf-2 pnscope:ltversion:2.9.2

Trust: 1.0

vendor:siemensmodel:cpu 1511c-1 pnscope:gteversion:2.5

Trust: 1.0

vendor:siemensmodel:cpu 1211cscope:eqversion:4.4

Trust: 1.0

vendor:siemensmodel:siplus cpu 1511-1 pnscope:gteversion:2.5

Trust: 1.0

vendor:siemensmodel:cpu 1513-1 pnscope:ltversion:2.9.2

Trust: 1.0

vendor:siemensmodel:cpu 1516f-3scope:ltversion:2.9.2.

Trust: 1.0

vendor:siemensmodel:siplus cpu 1516-3 pn\/dpscope:gteversion:2.5

Trust: 1.0

vendor:siemensmodel:cpu 1511-1pnscope:ltversion:2.9.2

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 software controllerscope:ltversion:21.9

Trust: 1.0

vendor:siemensmodel:cpu 1516-3scope:gteversion:2.5

Trust: 1.0

vendor:siemensmodel:cpu 1516pro f-2 pnscope:gteversion:2.5

Trust: 1.0

vendor:siemensmodel:cpu 1517t-3 pn\/dpscope:gteversion:2.5

Trust: 1.0

vendor:siemensmodel:cpu 1512sp f-1 pnscope:gteversion:2.5

Trust: 1.0

vendor:siemensmodel:cpu 1517-3 pn\/dpscope:ltversion:2.9.2

Trust: 1.0

vendor:siemensmodel:cpu1510sp f-1scope:gteversion:2.5

Trust: 1.0

vendor:siemensmodel:cpu 1513r-1 pnscope:ltversion:2.9.2

Trust: 1.0

vendor:siemensmodel:cpu 1511t-1pnscope:ltversion:2.9.2

Trust: 1.0

vendor:siemensmodel:cpu 1214fcscope:eqversion:4.4

Trust: 1.0

vendor:siemensmodel:cpu 1214cscope:eqversion:4.4

Trust: 1.0

vendor:siemensmodel:cpu 1512c-1 pnscope:gteversion:2.5

Trust: 1.0

vendor:siemensmodel:siplus cpu 1518f-4 pn\/dpscope:gteversion:2.5

Trust: 1.0

vendor:siemensmodel:cpu 1517t-3 pn\/dpscope:ltversion:2.9.2

Trust: 1.0

vendor:siemensmodel:cpu 1516pro f-2 pnscope:ltversion:2.9.2

Trust: 1.0

vendor:siemensmodel:tim 1531 ircscope:eqversion:2.1

Trust: 1.0

vendor:siemensmodel:siplus cpu-1516f-3 pn\/dpscope:gteversion:2.5

Trust: 1.0

vendor:siemensmodel:cpu 1510sp-1pnscope:ltversion:2.9.2

Trust: 1.0

vendor:siemensmodel:siplus cpu 1512sp-1 pnscope:ltversion:2.9.2

Trust: 1.0

vendor:siemensmodel:cpu 1516pro-2 pnscope:gteversion:2.5

Trust: 1.0

vendor:siemensmodel:cpu 1518f-4 pn\/dpscope:ltversion:2.9.2

Trust: 1.0

vendor:siemensmodel:cpu 1518f-4 pn\/dpscope:gteversion:2.5

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 software controllerscope:gteversion:2.5

Trust: 1.0

vendor:siemensmodel:simatic s7 plcsim advancedscope:gteversion:2.0

Trust: 1.0

vendor:siemensmodel:siplus cpu 1512sp-1 pnscope:gteversion:2.5

Trust: 1.0

vendor:siemensmodel:cpu 1517f-3 pn\/dpscope:gteversion:2.5

Trust: 1.0

vendor:siemensmodel:cpu 1504d tfscope:ltversion:2.9.2

Trust: 1.0

vendor:siemensmodel:simatic s7 plcsim advancedscope:ltversion:4.0

Trust: 1.0

vendor:siemensmodel:cpu 1515t-2 pnscope:ltversion:2.9.2

Trust: 1.0

vendor:siemensmodel:cpu 1515sp pc2 tfscope:ltversion:21.9

Trust: 1.0

vendor:siemensmodel:cpu 1511tf-1pnscope:ltversion:2.9.2

Trust: 1.0

vendor:siemensmodel:cpu 1513f-1 pnscope:gteversion:2.5

Trust: 1.0

vendor:siemensmodel:cpu 1516f-3scope:gteversion:2.5

Trust: 1.0

vendor:siemensmodel:siplus cpu 1513-1 pnscope:gteversion:2.5

Trust: 1.0

vendor:siemensmodel:siplus cpu 1513f-1 pnscope:gteversion:2.5

Trust: 1.0

vendor:siemensmodel:cpu 1511f-1pnscope:ltversion:2.9.2

Trust: 1.0

vendor:siemensmodel:siplus cpu 1510sp f-1pnscope:gteversion:2.5

Trust: 1.0

vendor:siemensmodel:cpu 1511f-1pnscope:gteversion:2.5

Trust: 1.0

vendor:siemensmodel:cpu 1513f-1 pnscope:ltversion:2.9.2

Trust: 1.0

vendor:siemensmodel:siplus cpu 1511f-1 pnscope:ltversion:2.9.2

Trust: 1.0

vendor:siemensmodel:cpu 1517tf-3 pn\/dpscope:ltversion:2.9.2

Trust: 1.0

vendor:siemensmodel:siplus cpu 1510sp f-1pnscope:ltversion:2.9.2

Trust: 1.0

vendor:siemensmodel:cpu 1513pro f-2 pnscope:ltversion:2.9.2

Trust: 1.0

vendor:siemensmodel:cpu 1515r-2 pnscope:ltversion:2.9.2

Trust: 1.0

vendor:siemensmodel:cpu 1512sp-1 pnscope:ltversion:2.9.2

Trust: 1.0

vendor:siemensmodel:cpu 1516t-3 pn\/dpscope:ltversion:2.9.2

Trust: 1.0

vendor:siemensmodel:cpu 1515tf-2 pnscope:gteversion:2.5

Trust: 1.0

vendor:siemensmodel:cpu 1518-4 pn\/dpscope:ltversion:2.9.2

Trust: 1.0

vendor:siemensmodel:cpu 1518-4 pn\/dpscope:gteversion:2.5

Trust: 1.0

vendor:siemensmodel:cpu 1511-1pnscope:gteversion:2.5

Trust: 1.0

vendor:siemensmodel:cpu 1511c-1 pnscope:ltversion:2.9.2

Trust: 1.0

vendor:siemensmodel:siplus cpu 1511-1 pnscope:ltversion:2.9.2

Trust: 1.0

vendor:siemensmodel:cpu 1516tf-3 pn\/dpscope:ltversion:2.9.2

Trust: 1.0

vendor:siemensmodel:cpu 1512c-1 pnscope:ltversion:2.9.2

Trust: 1.0

vendor:siemensmodel:cpu 1517-3 pn\/dpscope:gteversion:2.5

Trust: 1.0

vendor:siemensmodel:cpu 1516-3scope:ltversion:2.9.2

Trust: 1.0

vendor:siemensmodel:cpu 1513-1 pnscope:gteversion:2.5

Trust: 1.0

vendor:siemensmodel:cpu 1512sp f-1 pnscope:ltversion:2.9.2

Trust: 1.0

vendor:siemensmodel:cpu 1513r-1 pnscope:gteversion:2.5

Trust: 1.0

vendor:siemensmodel:cpu 1511t-1pnscope:gteversion:2.5

Trust: 1.0

vendor:siemensmodel:cpu1510sp f-1scope:ltversion:2.9.2

Trust: 1.0

vendor:siemensmodel:cpu 1515f-2scope:gteversion:2.5

Trust: 1.0

vendor:siemensmodel:siplus cpu 1518-4 pn\/dpscope:gteversion:2.5

Trust: 1.0

vendor:シーメンスmodel:tim 1531 ircscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:cpu 1504d tfscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic s7-plcsim advancedscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:cpu 1507d tfscope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic drive controller familyscope:ltversion:v2.9.2

Trust: 0.6

vendor:siemensmodel:simatic et 200sp open controller cpu 1515sp pc2scope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic s7 plcsim advancedscope:gtversion:v2,<v4

Trust: 0.6

vendor:siemensmodel:simatic s7-1200 cpu familyscope:eqversion:v4.4

Trust: 0.6

vendor:siemensmodel:simatic s7-1500 cpu familyscope:gtversion:v2.5,<v2.9.2

Trust: 0.6

vendor:siemensmodel:simatic s7-1500 software controllerscope:gtversion:v2.5

Trust: 0.6

vendor:siemensmodel:tim ircscope:eqversion:1531v2.1

Trust: 0.6

sources: CNVD: CNVD-2021-61122 // JVNDB: JVNDB-2021-010547 // NVD: CVE-2020-28397

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-28397
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-28397
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2021-61122
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202108-879
value: MEDIUM

Trust: 0.6

VULMON: CVE-2020-28397
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-28397
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2021-61122
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-28397
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2020-28397
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-61122 // VULMON: CVE-2020-28397 // JVNDB: JVNDB-2021-010547 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-879 // NVD: CVE-2020-28397

PROBLEMTYPE DATA

problemtype:CWE-863

Trust: 1.0

problemtype:Illegal authentication (CWE-863) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-010547 // NVD: CVE-2020-28397

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202108-879

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:SSA-865327url:https://cert-portal.siemens.com/productcert/pdf/ssa-865327.pdf

Trust: 0.8

title:Patch for Siemens SIMATIC S7-1500 CPU and SIMATIC S7-1500 Improper Authorization Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/285461

Trust: 0.6

title:Siemens SIMATIC S7-1500 CPU and SIMATIC S7-1500 Remediation measures for authorization problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=159714

Trust: 0.6

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=9cd5926ec23281f7dbb4df33b5aa9ff5

Trust: 0.1

sources: CNVD: CNVD-2021-61122 // VULMON: CVE-2020-28397 // JVNDB: JVNDB-2021-010547 // CNNVD: CNNVD-202108-879

EXTERNAL IDS

db:NVDid:CVE-2020-28397

Trust: 3.9

db:SIEMENSid:SSA-865327

Trust: 2.3

db:JVNDBid:JVNDB-2021-010547

Trust: 0.8

db:CNVDid:CNVD-2021-61122

Trust: 0.6

db:CS-HELPid:SB2021041363

Trust: 0.6

db:CNNVDid:CNNVD-202104-975

Trust: 0.6

db:ICS CERTid:ICSA-21-257-23

Trust: 0.6

db:CS-HELPid:SB2021081110

Trust: 0.6

db:CNNVDid:CNNVD-202108-879

Trust: 0.6

db:VULMONid:CVE-2020-28397

Trust: 0.1

sources: CNVD: CNVD-2021-61122 // VULMON: CVE-2020-28397 // JVNDB: JVNDB-2021-010547 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-879 // NVD: CVE-2020-28397

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-865327.pdf

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-28397

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-257-23

Trust: 0.6

url:https://vigilance.fr/vulnerability/simatic-information-disclosure-via-incorrect-authorization-check-36091

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021081110

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/863.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://cert-portal.siemens.com/productcert/txt/ssa-865327.txt

Trust: 0.1

sources: CNVD: CNVD-2021-61122 // VULMON: CVE-2020-28397 // JVNDB: JVNDB-2021-010547 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-879 // NVD: CVE-2020-28397

CREDITS

Siemens reported this vulnerability to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202108-879

SOURCES

db:CNVDid:CNVD-2021-61122
db:VULMONid:CVE-2020-28397
db:JVNDBid:JVNDB-2021-010547
db:CNNVDid:CNNVD-202104-975
db:CNNVDid:CNNVD-202108-879
db:NVDid:CVE-2020-28397

LAST UPDATE DATE

2024-08-14T12:40:19.181000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2021-61122date:2022-01-18T00:00:00
db:VULMONid:CVE-2020-28397date:2021-08-20T00:00:00
db:JVNDBid:JVNDB-2021-010547date:2022-07-05T02:10:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:CNNVDid:CNNVD-202108-879date:2021-09-15T00:00:00
db:NVDid:CVE-2020-28397date:2021-12-10T19:57:38.487

SOURCES RELEASE DATE

db:CNVDid:CNVD-2021-61122date:2021-08-11T00:00:00
db:VULMONid:CVE-2020-28397date:2021-08-10T00:00:00
db:JVNDBid:JVNDB-2021-010547date:2022-07-05T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:CNNVDid:CNNVD-202108-879date:2021-08-10T00:00:00
db:NVDid:CVE-2020-28397date:2021-08-10T11:15:07.423