Details of VAR-202108-2236

ID

VAR-202108-2236

CVE

CVE-2020-28397

TITLE

Fraudulent authentication vulnerabilities in multiple Siemens products

Trust: 0.8

sources: JVNDB: JVNDB-2021-010547

DESCRIPTION

A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7 PLCSIM Advanced (All versions > V2 < V4), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (Version V4.4), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions > V2.5 < V2.9.2), SIMATIC S7-1500 Software Controller (All versions > V2.5 < V21.9), TIM 1531 IRC (incl. SIPLUS NET variants) (Version V2.1). Due to an incorrect authorization check in the affected component, an attacker could extract information about access protected PLC program variables over port 102/tcp from an affected device when reading multiple attributes at once. Multiple Siemens products contain fraudulent authentication vulnerabilities.Information may be obtained. Siemens SIMATIC S7-1500 CPU and SIMATIC S7-1500 are the products of Germany Siemens (Siemens) company. The SIMATIC S7-1500 CPU is a CPU (Central Processing Unit) module. The SIMATIC S7-1500 is a programmable logic controller. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.79

sources: NVD: CVE-2020-28397 // JVNDB: JVNDB-2021-010547 // CNVD: CNVD-2021-61122 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2020-28397

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-61122

AFFECTED PRODUCTS

vendor:	siemens	model:	siplus cpu 1518f-4 pn\/dp	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	cpu 1515-2	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	siplus cpu-1516f-3 pn\/dp	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	cpu 1507d tf	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	cpu 1516pro-2 pn	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	cpu 1515-2	scope:	gte	version:	2.5	Trust: 1.0
vendor:	siemens	model:	cpu 1515f-2	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	siplus cpu 1518-4 pn\/dp	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	cpu 1517f-3 pn\/dp	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	cpu 1510sp-1pn	scope:	gte	version:	2.5	Trust: 1.0
vendor:	siemens	model:	cpu 1215c	scope:	eq	version:	4.4	Trust: 1.0
vendor:	siemens	model:	cpu 1515t-2 pn	scope:	gte	version:	2.5	Trust: 1.0
vendor:	siemens	model:	cpu 1511tf-1pn	scope:	gte	version:	2.5	Trust: 1.0
vendor:	siemens	model:	cpu 1212c	scope:	eq	version:	4.4	Trust: 1.0
vendor:	siemens	model:	cpu 1217c	scope:	eq	version:	4.4	Trust: 1.0
vendor:	siemens	model:	cpu 1215fc	scope:	eq	version:	4.4	Trust: 1.0
vendor:	siemens	model:	siplus cpu 1513f-1 pn	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	siplus cpu 1513-1 pn	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	siplus cpu 1511f-1 pn	scope:	gte	version:	2.5	Trust: 1.0
vendor:	siemens	model:	cpu 1517tf-3 pn\/dp	scope:	gte	version:	2.5	Trust: 1.0
vendor:	siemens	model:	siplus cpu 1512sp f-1pn	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	cpu 1516tf-3 pn\/dp	scope:	gte	version:	2.5	Trust: 1.0
vendor:	siemens	model:	cpu 1513pro f-2 pn	scope:	gte	version:	2.5	Trust: 1.0
vendor:	siemens	model:	cpu 1515r-2 pn	scope:	gte	version:	2.5	Trust: 1.0
vendor:	siemens	model:	cpu 1512sp-1 pn	scope:	gte	version:	2.5	Trust: 1.0
vendor:	siemens	model:	cpu 1516t-3 pn\/dp	scope:	gte	version:	2.5	Trust: 1.0
vendor:	siemens	model:	siplus cpu 1512sp f-1pn	scope:	gte	version:	2.5	Trust: 1.0
vendor:	siemens	model:	siplus cpu 1516-3 pn\/dp	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	cpu 1212fc	scope:	eq	version:	4.4	Trust: 1.0
vendor:	siemens	model:	cpu 1515tf-2 pn	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	cpu 1511c-1 pn	scope:	gte	version:	2.5	Trust: 1.0
vendor:	siemens	model:	cpu 1211c	scope:	eq	version:	4.4	Trust: 1.0
vendor:	siemens	model:	siplus cpu 1511-1 pn	scope:	gte	version:	2.5	Trust: 1.0
vendor:	siemens	model:	cpu 1513-1 pn	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	cpu 1516f-3	scope:	lt	version:	2.9.2.	Trust: 1.0
vendor:	siemens	model:	siplus cpu 1516-3 pn\/dp	scope:	gte	version:	2.5	Trust: 1.0
vendor:	siemens	model:	cpu 1511-1pn	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 software controller	scope:	lt	version:	21.9	Trust: 1.0
vendor:	siemens	model:	cpu 1516-3	scope:	gte	version:	2.5	Trust: 1.0
vendor:	siemens	model:	cpu 1516pro f-2 pn	scope:	gte	version:	2.5	Trust: 1.0
vendor:	siemens	model:	cpu 1517t-3 pn\/dp	scope:	gte	version:	2.5	Trust: 1.0
vendor:	siemens	model:	cpu 1512sp f-1 pn	scope:	gte	version:	2.5	Trust: 1.0
vendor:	siemens	model:	cpu 1517-3 pn\/dp	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	cpu1510sp f-1	scope:	gte	version:	2.5	Trust: 1.0
vendor:	siemens	model:	cpu 1513r-1 pn	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	cpu 1511t-1pn	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	cpu 1214fc	scope:	eq	version:	4.4	Trust: 1.0
vendor:	siemens	model:	cpu 1214c	scope:	eq	version:	4.4	Trust: 1.0
vendor:	siemens	model:	cpu 1512c-1 pn	scope:	gte	version:	2.5	Trust: 1.0
vendor:	siemens	model:	siplus cpu 1518f-4 pn\/dp	scope:	gte	version:	2.5	Trust: 1.0
vendor:	siemens	model:	cpu 1517t-3 pn\/dp	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	cpu 1516pro f-2 pn	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	tim 1531 irc	scope:	eq	version:	2.1	Trust: 1.0
vendor:	siemens	model:	siplus cpu-1516f-3 pn\/dp	scope:	gte	version:	2.5	Trust: 1.0
vendor:	siemens	model:	cpu 1510sp-1pn	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	siplus cpu 1512sp-1 pn	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	cpu 1516pro-2 pn	scope:	gte	version:	2.5	Trust: 1.0
vendor:	siemens	model:	cpu 1518f-4 pn\/dp	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	cpu 1518f-4 pn\/dp	scope:	gte	version:	2.5	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 software controller	scope:	gte	version:	2.5	Trust: 1.0
vendor:	siemens	model:	simatic s7 plcsim advanced	scope:	gte	version:	2.0	Trust: 1.0
vendor:	siemens	model:	siplus cpu 1512sp-1 pn	scope:	gte	version:	2.5	Trust: 1.0
vendor:	siemens	model:	cpu 1517f-3 pn\/dp	scope:	gte	version:	2.5	Trust: 1.0
vendor:	siemens	model:	cpu 1504d tf	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	simatic s7 plcsim advanced	scope:	lt	version:	4.0	Trust: 1.0
vendor:	siemens	model:	cpu 1515t-2 pn	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	cpu 1515sp pc2 tf	scope:	lt	version:	21.9	Trust: 1.0
vendor:	siemens	model:	cpu 1511tf-1pn	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	cpu 1513f-1 pn	scope:	gte	version:	2.5	Trust: 1.0
vendor:	siemens	model:	cpu 1516f-3	scope:	gte	version:	2.5	Trust: 1.0
vendor:	siemens	model:	siplus cpu 1513-1 pn	scope:	gte	version:	2.5	Trust: 1.0
vendor:	siemens	model:	siplus cpu 1513f-1 pn	scope:	gte	version:	2.5	Trust: 1.0
vendor:	siemens	model:	cpu 1511f-1pn	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	siplus cpu 1510sp f-1pn	scope:	gte	version:	2.5	Trust: 1.0
vendor:	siemens	model:	cpu 1511f-1pn	scope:	gte	version:	2.5	Trust: 1.0
vendor:	siemens	model:	cpu 1513f-1 pn	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	siplus cpu 1511f-1 pn	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	cpu 1517tf-3 pn\/dp	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	siplus cpu 1510sp f-1pn	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	cpu 1513pro f-2 pn	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	cpu 1515r-2 pn	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	cpu 1512sp-1 pn	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	cpu 1516t-3 pn\/dp	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	cpu 1515tf-2 pn	scope:	gte	version:	2.5	Trust: 1.0
vendor:	siemens	model:	cpu 1518-4 pn\/dp	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	cpu 1518-4 pn\/dp	scope:	gte	version:	2.5	Trust: 1.0
vendor:	siemens	model:	cpu 1511-1pn	scope:	gte	version:	2.5	Trust: 1.0
vendor:	siemens	model:	cpu 1511c-1 pn	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	siplus cpu 1511-1 pn	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	cpu 1516tf-3 pn\/dp	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	cpu 1512c-1 pn	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	cpu 1517-3 pn\/dp	scope:	gte	version:	2.5	Trust: 1.0
vendor:	siemens	model:	cpu 1516-3	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	cpu 1513-1 pn	scope:	gte	version:	2.5	Trust: 1.0
vendor:	siemens	model:	cpu 1512sp f-1 pn	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	cpu 1513r-1 pn	scope:	gte	version:	2.5	Trust: 1.0
vendor:	siemens	model:	cpu 1511t-1pn	scope:	gte	version:	2.5	Trust: 1.0
vendor:	siemens	model:	cpu1510sp f-1	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	cpu 1515f-2	scope:	gte	version:	2.5	Trust: 1.0
vendor:	siemens	model:	siplus cpu 1518-4 pn\/dp	scope:	gte	version:	2.5	Trust: 1.0
vendor:	シーメンス	model:	tim 1531 irc	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	cpu 1504d tf	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic s7-plcsim advanced	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	cpu 1507d tf	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic drive controller family	scope:	lt	version:	v2.9.2	Trust: 0.6
vendor:	siemens	model:	simatic et 200sp open controller cpu 1515sp pc2	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	simatic s7 plcsim advanced	scope:	gt	version:	v2,<v4	Trust: 0.6
vendor:	siemens	model:	simatic s7-1200 cpu family	scope:	eq	version:	v4.4	Trust: 0.6
vendor:	siemens	model:	simatic s7-1500 cpu family	scope:	gt	version:	v2.5,<v2.9.2	Trust: 0.6
vendor:	siemens	model:	simatic s7-1500 software controller	scope:	gt	version:	v2.5	Trust: 0.6
vendor:	siemens	model:	tim irc	scope:	eq	version:	1531v2.1	Trust: 0.6

sources: CNVD: CNVD-2021-61122 // JVNDB: JVNDB-2021-010547 // NVD: CVE-2020-28397

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-28397
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-28397
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2021-61122
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202108-879
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2020-28397
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-28397
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2021-61122
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-28397
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2020-28397
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-61122 // VULMON: CVE-2020-28397 // JVNDB: JVNDB-2021-010547 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-879 // NVD: CVE-2020-28397

PROBLEMTYPE DATA

problemtype:	CWE-863	Trust: 1.0
problemtype:	Illegal authentication (CWE-863) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-010547 // NVD: CVE-2020-28397

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202108-879

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:	SSA-865327	url:	https://cert-portal.siemens.com/productcert/pdf/ssa-865327.pdf	Trust: 0.8
title:	Patch for Siemens SIMATIC S7-1500 CPU and SIMATIC S7-1500 Improper Authorization Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/285461	Trust: 0.6
title:	Siemens SIMATIC S7-1500 CPU and SIMATIC S7-1500 Remediation measures for authorization problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=159714	Trust: 0.6
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=9cd5926ec23281f7dbb4df33b5aa9ff5	Trust: 0.1

sources: CNVD: CNVD-2021-61122 // VULMON: CVE-2020-28397 // JVNDB: JVNDB-2021-010547 // CNNVD: CNNVD-202108-879

EXTERNAL IDS

db:	NVD	id:	CVE-2020-28397	Trust: 3.9
db:	SIEMENS	id:	SSA-865327	Trust: 2.3
db:	JVNDB	id:	JVNDB-2021-010547	Trust: 0.8
db:	CNVD	id:	CNVD-2021-61122	Trust: 0.6
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	ICS CERT	id:	ICSA-21-257-23	Trust: 0.6
db:	CS-HELP	id:	SB2021081110	Trust: 0.6
db:	CNNVD	id:	CNNVD-202108-879	Trust: 0.6
db:	VULMON	id:	CVE-2020-28397	Trust: 0.1

sources: CNVD: CNVD-2021-61122 // VULMON: CVE-2020-28397 // JVNDB: JVNDB-2021-010547 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-879 // NVD: CVE-2020-28397

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-865327.pdf	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-28397	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-257-23	Trust: 0.6
url:	https://vigilance.fr/vulnerability/simatic-information-disclosure-via-incorrect-authorization-check-36091	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021081110	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/863.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://cert-portal.siemens.com/productcert/txt/ssa-865327.txt	Trust: 0.1

sources: CNVD: CNVD-2021-61122 // VULMON: CVE-2020-28397 // JVNDB: JVNDB-2021-010547 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-879 // NVD: CVE-2020-28397

CREDITS

Siemens reported this vulnerability to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202108-879

SOURCES

db:	CNVD	id:	CNVD-2021-61122
db:	VULMON	id:	CVE-2020-28397
db:	JVNDB	id:	JVNDB-2021-010547
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202108-879
db:	NVD	id:	CVE-2020-28397

LAST UPDATE DATE

2024-08-14T12:40:19.181000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-61122	date:	2022-01-18T00:00:00
db:	VULMON	id:	CVE-2020-28397	date:	2021-08-20T00:00:00
db:	JVNDB	id:	JVNDB-2021-010547	date:	2022-07-05T02:10:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202108-879	date:	2021-09-15T00:00:00
db:	NVD	id:	CVE-2020-28397	date:	2021-12-10T19:57:38.487

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-61122	date:	2021-08-11T00:00:00
db:	VULMON	id:	CVE-2020-28397	date:	2021-08-10T00:00:00
db:	JVNDB	id:	JVNDB-2021-010547	date:	2022-07-05T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202108-879	date:	2021-08-10T00:00:00
db:	NVD	id:	CVE-2020-28397	date:	2021-08-10T11:15:07.423