All the vulnerabilites related to Siemens AG - SIMATIC HMI Mobile Panels 2nd Generation
cve-2020-7592
Vulnerability from cvelistv5
Published
2020-07-14 13:18
Modified
2024-08-04 09:33
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SIMATIC HMI Basic Panels 1st Generation (incl. SIPLUS variants) (All versions), SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC HMI KTP700F Mobile Arctic (All versions), SIMATIC HMI Mobile Panels 2nd Generation (All versions), SIMATIC WinCC Runtime Advanced (All versions). Unencrypted communication between the configuration software and the respective device could allow an attacker to capture potential plain text communication and have access to sensitive information.
References
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-364335.pdf | x_refsource_MISC | |
https://us-cert.cisa.gov/ics/advisories/icsa-20-196-04 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T09:33:19.896Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-364335.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-04" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SIMATIC HMI Basic Panels 1st Generation (incl. SIPLUS variants)", "vendor": "Siemens AG", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "product": "SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants)", "vendor": "Siemens AG", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "product": "SIMATIC HMI Comfort Panels (incl. SIPLUS variants)", "vendor": "Siemens AG", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "product": "SIMATIC HMI KTP700F Mobile Arctic", "vendor": "Siemens AG", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "product": "SIMATIC HMI Mobile Panels 2nd Generation", "vendor": "Siemens AG", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "product": "SIMATIC WinCC Runtime Advanced", "vendor": "Siemens AG", "versions": [ { "status": "affected", "version": "All versions" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SIMATIC HMI Basic Panels 1st Generation (incl. SIPLUS variants) (All versions), SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC HMI KTP700F Mobile Arctic (All versions), SIMATIC HMI Mobile Panels 2nd Generation (All versions), SIMATIC WinCC Runtime Advanced (All versions). Unencrypted communication between the configuration software and the respective device could allow an attacker to capture potential plain text communication and have access to sensitive information." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-319", "description": "CWE-319: Cleartext Transmission of Sensitive Information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-16T13:40:34", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-364335.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-04" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2020-7592", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SIMATIC HMI Basic Panels 1st Generation (incl. SIPLUS variants)", "version": { "version_data": [ { "version_value": "All versions" } ] } }, { "product_name": "SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants)", "version": { "version_data": [ { "version_value": "All versions" } ] } }, { "product_name": "SIMATIC HMI Comfort Panels (incl. SIPLUS variants)", "version": { "version_data": [ { "version_value": "All versions" } ] } }, { "product_name": "SIMATIC HMI KTP700F Mobile Arctic", "version": { "version_data": [ { "version_value": "All versions" } ] } }, { "product_name": "SIMATIC HMI Mobile Panels 2nd Generation", "version": { "version_data": [ { "version_value": "All versions" } ] } }, { "product_name": "SIMATIC WinCC Runtime Advanced", "version": { "version_data": [ { "version_value": "All versions" } ] } } ] }, "vendor_name": "Siemens AG" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in SIMATIC HMI Basic Panels 1st Generation (incl. SIPLUS variants) (All versions), SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC HMI KTP700F Mobile Arctic (All versions), SIMATIC HMI Mobile Panels 2nd Generation (All versions), SIMATIC WinCC Runtime Advanced (All versions). Unencrypted communication between the configuration software and the respective device could allow an attacker to capture potential plain text communication and have access to sensitive information." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-319: Cleartext Transmission of Sensitive Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-364335.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-364335.pdf" }, { "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-04", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-04" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2020-7592", "datePublished": "2020-07-14T13:18:05", "dateReserved": "2020-01-21T00:00:00", "dateUpdated": "2024-08-04T09:33:19.896Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }