Vulnerabilites related to Siemens - SIMATIC S7 PLCSIM Advanced
cve-2020-28397
Vulnerability from cvelistv5
Published
2021-08-10 10:35
Modified
2024-08-04 16:33
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7 PLCSIM Advanced (All versions > V2 < V4), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (Version V4.4), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions > V2.5 < V2.9.2), SIMATIC S7-1500 Software Controller (All versions > V2.5 < V21.9), TIM 1531 IRC (incl. SIPLUS NET variants) (Version V2.1). Due to an incorrect authorization check in the affected component, an attacker could extract information about access protected PLC program variables over port 102/tcp from an affected device when reading multiple attributes at once.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-865327.pdf | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | SIMATIC Drive Controller family |
Version: All versions < V2.9.2 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:33:59.119Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-865327.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "SIMATIC Drive Controller family", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.9.2", }, ], }, { product: "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V21.9", }, ], }, { product: "SIMATIC S7 PLCSIM Advanced", vendor: "Siemens", versions: [ { status: "affected", version: "All versions > V2 < V4", }, ], }, { product: "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { status: "affected", version: "Version V4.4", }, ], }, { product: "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions > V2.5 < V2.9.2", }, ], }, { product: "SIMATIC S7-1500 Software Controller", vendor: "Siemens", versions: [ { status: "affected", version: "All versions > V2.5 < V21.9", }, ], }, { product: "TIM 1531 IRC (incl. SIPLUS NET variants)", vendor: "Siemens", versions: [ { status: "affected", version: "Version V2.1", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7 PLCSIM Advanced (All versions > V2 < V4), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (Version V4.4), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions > V2.5 < V2.9.2), SIMATIC S7-1500 Software Controller (All versions > V2.5 < V21.9), TIM 1531 IRC (incl. SIPLUS NET variants) (Version V2.1). Due to an incorrect authorization check in the affected component, an attacker could extract information about access protected PLC program variables over port 102/tcp from an affected device when reading multiple attributes at once.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-863", description: "CWE-863: Incorrect Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-09-14T10:47:15", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-865327.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "productcert@siemens.com", ID: "CVE-2020-28397", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "SIMATIC Drive Controller family", version: { version_data: [ { version_value: "All versions < V2.9.2", }, ], }, }, { product_name: "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)", version: { version_data: [ { version_value: "All versions < V21.9", }, ], }, }, { product_name: "SIMATIC S7 PLCSIM Advanced", version: { version_data: [ { version_value: "All versions > V2 < V4", }, ], }, }, { product_name: "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)", version: { version_data: [ { version_value: "Version V4.4", }, ], }, }, { product_name: "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)", version: { version_data: [ { version_value: "All versions > V2.5 < V2.9.2", }, ], }, }, { product_name: "SIMATIC S7-1500 Software Controller", version: { version_data: [ { version_value: "All versions > V2.5 < V21.9", }, ], }, }, { product_name: "TIM 1531 IRC (incl. SIPLUS NET variants)", version: { version_data: [ { version_value: "Version V2.1", }, ], }, }, ], }, vendor_name: "Siemens", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7 PLCSIM Advanced (All versions > V2 < V4), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (Version V4.4), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions > V2.5 < V2.9.2), SIMATIC S7-1500 Software Controller (All versions > V2.5 < V21.9), TIM 1531 IRC (incl. SIPLUS NET variants) (Version V2.1). Due to an incorrect authorization check in the affected component, an attacker could extract information about access protected PLC program variables over port 102/tcp from an affected device when reading multiple attributes at once.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-863: Incorrect Authorization", }, ], }, ], }, references: { reference_data: [ { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-865327.pdf", refsource: "MISC", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-865327.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2020-28397", datePublished: "2021-08-10T10:35:23", dateReserved: "2020-11-10T00:00:00", dateUpdated: "2024-08-04T16:33:59.119Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
var-202108-2236
Vulnerability from variot
A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7 PLCSIM Advanced (All versions > V2 < V4), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (Version V4.4), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions > V2.5 < V2.9.2), SIMATIC S7-1500 Software Controller (All versions > V2.5 < V21.9), TIM 1531 IRC (incl. SIPLUS NET variants) (Version V2.1). Due to an incorrect authorization check in the affected component, an attacker could extract information about access protected PLC program variables over port 102/tcp from an affected device when reading multiple attributes at once. Multiple Siemens products contain fraudulent authentication vulnerabilities.Information may be obtained. Siemens SIMATIC S7-1500 CPU and SIMATIC S7-1500 are the products of Germany Siemens (Siemens) company. The SIMATIC S7-1500 CPU is a CPU (Central Processing Unit) module. The SIMATIC S7-1500 is a programmable logic controller. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202108-2236", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "cpu 1517t-3 pn\\/dp", scope: "lt", trust: 1, vendor: "siemens", version: "2.9.2", }, { model: "cpu 1513f-1 pn", scope: "gte", trust: 1, vendor: "siemens", version: "2.5", }, { model: "cpu 1518f-4 pn\\/dp", scope: "lt", trust: 1, vendor: "siemens", version: "2.9.2", }, { model: "siplus cpu 1511f-1 pn", scope: "lt", trust: 1, vendor: "siemens", version: "2.9.2", }, { model: "cpu 1516-3", scope: "gte", trust: 1, vendor: "siemens", version: "2.5", }, { model: "cpu 1512c-1 pn", scope: "lt", trust: 1, vendor: "siemens", version: "2.9.2", }, { model: "cpu 1211c", scope: "eq", trust: 1, vendor: "siemens", version: "4.4", }, { model: "cpu 1516t-3 pn\\/dp", scope: "gte", trust: 1, vendor: "siemens", version: "2.5", }, { model: "cpu 1515-2", scope: "lt", trust: 1, vendor: "siemens", version: "2.9.2", }, { model: "cpu 1517tf-3 pn\\/dp", scope: "gte", trust: 1, vendor: "siemens", version: "2.5", }, { model: "cpu 1516pro f-2 pn", scope: "lt", trust: 1, vendor: "siemens", version: "2.9.2", }, { model: "siplus cpu 1510sp f-1pn", scope: "lt", trust: 1, vendor: "siemens", version: "2.9.2", }, { model: "simatic s7 plcsim advanced", scope: "lt", trust: 1, vendor: "siemens", version: "4.0", }, { model: "siplus cpu 1512sp-1 pn", scope: "lt", trust: 1, vendor: "siemens", version: "2.9.2", }, { model: "cpu 1512sp-1 pn", scope: "gte", trust: 1, vendor: "siemens", version: "2.5", }, { model: "siplus cpu 1513-1 pn", scope: "lt", trust: 1, vendor: "siemens", version: "2.9.2", }, { model: "simatic s7-1500 software controller", scope: "gte", trust: 1, vendor: "siemens", version: "2.5", }, { model: "cpu1510sp f-1", scope: "lt", trust: 1, vendor: "siemens", version: "2.9.2", }, { model: "cpu 1511-1pn", scope: "lt", trust: 1, vendor: "siemens", version: "2.9.2", }, { model: "cpu 1510sp-1pn", scope: "lt", trust: 1, vendor: "siemens", version: "2.9.2", }, { model: "cpu 1515sp pc2 tf", scope: "lt", trust: 1, vendor: "siemens", version: "21.9", }, { model: "cpu 1513f-1 pn", scope: "lt", trust: 1, vendor: "siemens", version: "2.9.2", }, { model: "cpu 1511tf-1pn", scope: "gte", trust: 1, vendor: "siemens", version: "2.5", }, { model: "cpu 1518f-4 pn\\/dp", scope: "gte", trust: 1, vendor: "siemens", version: "2.5", }, { model: "cpu 1515r-2 pn", scope: "gte", trust: 1, vendor: "siemens", version: "2.5", }, { model: "cpu 1516-3", scope: "lt", trust: 1, vendor: "siemens", version: "2.9.2", }, { model: "cpu 1515tf-2 pn", scope: "gte", trust: 1, vendor: "siemens", version: "2.5", }, { model: "siplus cpu 1518-4 pn\\/dp", scope: "gte", trust: 1, vendor: "siemens", version: "2.5", }, { model: "siplus cpu 1516-3 pn\\/dp", scope: "lt", trust: 1, vendor: "siemens", version: "2.9.2", }, { model: "cpu 1513-1 pn", scope: "lt", trust: 1, vendor: "siemens", version: "2.9.2", }, { model: "cpu 1215c", scope: "eq", trust: 1, vendor: "siemens", version: "4.4", }, { model: "siplus cpu 1518f-4 pn\\/dp", scope: "lt", trust: 1, vendor: "siemens", version: "2.9.2", }, { model: "siplus cpu 1513-1 pn", scope: "gte", trust: 1, vendor: "siemens", version: "2.5", }, { model: "cpu 1511-1pn", scope: "gte", trust: 1, vendor: "siemens", version: "2.5", }, { model: "cpu 1516f-3", scope: "lt", trust: 1, vendor: "siemens", version: "2.9.2.", }, { model: "cpu 1516f-3", scope: "gte", trust: 1, vendor: "siemens", version: "2.5", }, { model: "cpu 1507d tf", scope: "lt", trust: 1, vendor: "siemens", version: "2.9.2", }, { model: "cpu 1511tf-1pn", scope: "lt", trust: 1, vendor: "siemens", version: "2.9.2", }, { model: "cpu 1212c", scope: "eq", trust: 1, vendor: "siemens", version: "4.4", }, { model: "siplus cpu 1512sp f-1pn", scope: "lt", trust: 1, vendor: "siemens", version: "2.9.2", }, { model: "cpu 1511c-1 pn", scope: "lt", trust: 1, vendor: "siemens", version: "2.9.2", }, { model: "cpu 1515r-2 pn", scope: "lt", trust: 1, vendor: "siemens", version: "2.9.2", }, { model: "cpu 1517f-3 pn\\/dp", scope: "gte", trust: 1, vendor: "siemens", version: "2.5", }, { model: "cpu 1515tf-2 pn", scope: "lt", trust: 1, vendor: "siemens", version: "2.9.2", }, { model: "siplus cpu 1518-4 pn\\/dp", scope: "lt", trust: 1, vendor: "siemens", version: "2.9.2", }, { model: "cpu 1512sp f-1 pn", scope: "gte", trust: 1, vendor: "siemens", version: "2.5", }, { model: "siplus cpu 1516-3 pn\\/dp", scope: "gte", trust: 1, vendor: "siemens", version: "2.5", }, { model: "cpu 1515t-2 pn", scope: "gte", trust: 1, vendor: "siemens", version: "2.5", }, { model: "cpu 1513-1 pn", scope: "gte", trust: 1, vendor: "siemens", version: "2.5", }, { model: "cpu 1518-4 pn\\/dp", scope: "lt", trust: 1, vendor: "siemens", version: "2.9.2", }, { model: "simatic s7-1500 software controller", scope: "lt", trust: 1, vendor: "siemens", version: "21.9", }, { model: "siplus cpu 1518f-4 pn\\/dp", scope: "gte", trust: 1, vendor: "siemens", version: "2.5", }, { model: "siplus cpu 1513f-1 pn", scope: "gte", trust: 1, vendor: "siemens", version: "2.5", }, { model: "cpu 1511f-1pn", scope: "lt", trust: 1, vendor: "siemens", version: "2.9.2", }, { model: "cpu 1511t-1pn", scope: "lt", trust: 1, vendor: "siemens", version: "2.9.2", }, { model: "cpu 1513r-1 pn", scope: "lt", trust: 1, vendor: "siemens", version: "2.9.2", }, { model: "cpu 1516pro-2 pn", scope: "lt", trust: 1, vendor: "siemens", version: "2.9.2", }, { model: "cpu 1504d tf", scope: "lt", trust: 1, vendor: "siemens", version: "2.9.2", }, { model: "cpu 1515f-2", scope: "lt", trust: 1, vendor: "siemens", version: "2.9.2", }, { model: "cpu 1214c", scope: "eq", trust: 1, vendor: "siemens", version: "4.4", }, { model: "cpu 1517-3 pn\\/dp", scope: "lt", trust: 1, vendor: "siemens", version: "2.9.2", }, { model: "siplus cpu 1512sp f-1pn", scope: "gte", trust: 1, vendor: "siemens", version: "2.5", }, { model: "tim 1531 irc", scope: "eq", trust: 1, vendor: "siemens", version: "2.1", }, { model: "cpu 1511c-1 pn", scope: "gte", trust: 1, vendor: "siemens", version: "2.5", }, { model: "cpu 1517f-3 pn\\/dp", scope: "lt", trust: 1, vendor: "siemens", version: "2.9.2", }, { model: "siplus cpu-1516f-3 pn\\/dp", scope: "lt", trust: 1, vendor: "siemens", version: "2.9.2", }, { model: "siplus cpu 1511-1 pn", scope: "gte", trust: 1, vendor: "siemens", version: "2.5", }, { model: "cpu 1516t-3 pn\\/dp", scope: "lt", trust: 1, vendor: "siemens", version: "2.9.2", }, { model: "cpu 1212fc", scope: "eq", trust: 1, vendor: "siemens", version: "4.4", }, { model: "cpu 1513pro f-2 pn", scope: "lt", trust: 1, vendor: "siemens", version: "2.9.2", }, { model: "cpu 1217c", scope: "eq", trust: 1, vendor: "siemens", version: "4.4", }, { model: "cpu 1515t-2 pn", scope: "lt", trust: 1, vendor: "siemens", version: "2.9.2", }, { model: "cpu 1516tf-3 pn\\/dp", scope: "gte", trust: 1, vendor: "siemens", version: "2.5", }, { model: "cpu 1518-4 pn\\/dp", scope: "gte", trust: 1, vendor: "siemens", version: "2.5", }, { model: "cpu 1517tf-3 pn\\/dp", scope: "lt", trust: 1, vendor: "siemens", version: "2.9.2", }, { model: "cpu 1517t-3 pn\\/dp", scope: "gte", trust: 1, vendor: "siemens", version: "2.5", }, { model: "siplus cpu 1513f-1 pn", scope: "lt", trust: 1, vendor: "siemens", version: "2.9.2", }, { model: "cpu 1511f-1pn", scope: "gte", trust: 1, vendor: "siemens", version: "2.5", }, { model: "siplus cpu 1511f-1 pn", scope: "gte", trust: 1, vendor: "siemens", version: "2.5", }, { model: "cpu 1511t-1pn", scope: "gte", trust: 1, vendor: "siemens", version: "2.5", }, { model: "cpu 1513r-1 pn", scope: "gte", trust: 1, vendor: "siemens", version: "2.5", }, { model: "cpu 1516pro-2 pn", scope: "gte", trust: 1, vendor: "siemens", version: "2.5", }, { model: "cpu 1512c-1 pn", scope: "gte", trust: 1, vendor: "siemens", version: "2.5", }, { model: "cpu 1215fc", scope: "eq", trust: 1, vendor: "siemens", version: "4.4", }, { model: "cpu 1512sp f-1 pn", scope: "lt", trust: 1, vendor: "siemens", version: "2.9.2", }, { model: "cpu 1515-2", scope: "gte", trust: 1, vendor: "siemens", version: "2.5", }, { model: "cpu 1516pro f-2 pn", scope: "gte", trust: 1, vendor: "siemens", version: "2.5", }, { model: "cpu 1517-3 pn\\/dp", scope: "gte", trust: 1, vendor: "siemens", version: "2.5", }, { model: "siplus cpu 1510sp f-1pn", scope: "gte", trust: 1, vendor: "siemens", version: "2.5", }, { model: "siplus cpu 1512sp-1 pn", scope: "gte", trust: 1, vendor: "siemens", version: "2.5", }, { model: "simatic s7 plcsim advanced", scope: "gte", trust: 1, vendor: "siemens", version: "2.0", }, { model: "cpu 1512sp-1 pn", scope: "lt", trust: 1, vendor: "siemens", version: "2.9.2", }, { model: "siplus cpu 1511-1 pn", scope: "lt", trust: 1, vendor: "siemens", version: "2.9.2", }, { model: "siplus cpu-1516f-3 pn\\/dp", scope: "gte", trust: 1, vendor: "siemens", version: "2.5", }, { model: "cpu1510sp f-1", scope: "gte", trust: 1, vendor: "siemens", version: "2.5", }, { model: "cpu 1510sp-1pn", scope: "gte", trust: 1, vendor: "siemens", version: "2.5", }, { model: "cpu 1515f-2", scope: "gte", trust: 1, vendor: "siemens", version: "2.5", }, { model: "cpu 1513pro f-2 pn", scope: "gte", trust: 1, vendor: "siemens", version: "2.5", }, { model: "cpu 1516tf-3 pn\\/dp", scope: "lt", trust: 1, vendor: "siemens", version: "2.9.2", }, { model: "cpu 1214fc", scope: "eq", trust: 1, vendor: "siemens", version: "4.4", }, { model: "tim 1531 irc", scope: null, trust: 0.8, vendor: "シーメンス", version: null, }, { model: "cpu 1504d tf", scope: null, trust: 0.8, vendor: "シーメンス", version: null, }, { model: "simatic s7-plcsim advanced", scope: null, trust: 0.8, vendor: "シーメンス", version: null, }, { model: "cpu 1507d tf", scope: null, trust: 0.8, vendor: "シーメンス", version: null, }, { model: "simatic drive controller family", scope: "lt", trust: 0.6, vendor: "siemens", version: "v2.9.2", }, { model: "simatic et 200sp open controller cpu 1515sp pc2", scope: null, trust: 0.6, vendor: "siemens", version: null, }, { model: "simatic s7 plcsim advanced", scope: "gt", trust: 0.6, vendor: "siemens", version: "v2,<v4", }, { model: "simatic s7-1200 cpu family", scope: "eq", trust: 0.6, vendor: "siemens", version: "v4.4", }, { model: "simatic s7-1500 cpu family", scope: "gt", trust: 0.6, vendor: "siemens", version: "v2.5,<v2.9.2", }, { model: "simatic s7-1500 software controller", scope: "gt", trust: 0.6, vendor: "siemens", version: "v2.5", }, { model: "tim irc", scope: "eq", trust: 0.6, vendor: "siemens", version: "1531v2.1", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-61122", }, { db: "JVNDB", id: "JVNDB-2021-010547", }, { db: "NVD", id: "CVE-2020-28397", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:cpu_1504d_tf_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.9.2", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:cpu_1504d_tf:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:cpu_1507d_tf_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.9.2", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:cpu_1507d_tf:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:cpu_1515sp_pc2_tf_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "21.9", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:cpu_1515sp_pc2_tf:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_s7_plcsim_advanced_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "4.0", versionStartIncluding: "2.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_s7_plcsim_advanced:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:siemens:simatic_s7-1500_software_controller:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "21.9", versionStartIncluding: "2.5", vulnerable: true, }, ], operator: "OR", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:tim_1531_irc_firmware:2.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:tim_1531_irc:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:cpu_1211c_firmware:4.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:cpu_1211c:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:cpu_1212c_firmware:4.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:cpu_1212c:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:cpu_1212fc_firmware:4.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:cpu_1212fc:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:cpu_1214fc_firmware:4.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:cpu_1214fc:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:cpu_1214c_firmware:4.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:cpu_1214c:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:cpu_1215fc_firmware:4.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:cpu_1215fc:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:cpu_1215c_firmware:4.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:cpu_1215c:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:cpu_1217c_firmware:4.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:cpu_1217c:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:siplus_cpu_1510sp_f-1pn_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.9.2", versionStartIncluding: "2.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:siplus_cpu_1510sp_f-1pn:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:siplus_cpu_1511-1_pn_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.9.2", versionStartIncluding: "2.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:siplus_cpu_1511-1_pn:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:siplus_cpu_1511-1_pn_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.9.2", versionStartIncluding: "2.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:siplus_cpu_1511-1_pn:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:siplus_cpu_1511f-1_pn_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.9.2", versionStartIncluding: "2.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:siplus_cpu_1511f-1_pn:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:siplus_cpu_1512sp-1_pn_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.9.2", versionStartIncluding: "2.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:siplus_cpu_1512sp-1_pn:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:siplus_cpu_1512sp_f-1pn_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.9.2", versionStartIncluding: "2.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:siplus_cpu_1512sp_f-1pn:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:siplus_cpu_1513-1_pn_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.9.2", versionStartIncluding: "2.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:siplus_cpu_1513-1_pn:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:siplus_cpu_1513-1_pn_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.9.2", versionStartIncluding: "2.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:siplus_cpu_1513-1_pn:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:siplus_cpu_1513f-1_pn_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.9.2", versionStartIncluding: "2.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:siplus_cpu_1513f-1_pn:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:siplus_cpu_1516-3_pn\\/dp_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.9.2", versionStartIncluding: "2.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:siplus_cpu_1516-3_pn\\/dp:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:siplus_cpu_1516-3_pn\\/dp_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.9.2", versionStartIncluding: "2.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:siplus_cpu_1516-3_pn\\/dp:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:siplus_cpu-1516f-3_pn\\/dp_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.9.2", versionStartIncluding: "2.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:siplus_cpu-1516f-3_pn\\/dp:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:siplus_cpu_1518-4_pn\\/dp_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.9.2", versionStartIncluding: "2.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:siplus_cpu_1518-4_pn\\/dp:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:siplus_cpu_1518f-4_pn\\/dp_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.9.2", versionStartIncluding: "2.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:siplus_cpu_1518f-4_pn\\/dp:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:cpu_1510sp-1pn_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.9.2", versionStartIncluding: "2.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:cpu_1510sp-1pn:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:cpu1510sp_f-1_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.9.2", versionStartIncluding: "2.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:cpu1510sp_f-1:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:cpu_1511-1pn_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.9.2", versionStartIncluding: "2.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:cpu_1511-1pn:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:cpu_1511-1pn_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.9.2", versionStartIncluding: "2.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:cpu_1511-1pn:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:cpu_1511c-1_pn_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.9.2", versionStartIncluding: "2.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:cpu_1511c-1_pn:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:cpu_1511f-1pn_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.9.2", versionStartIncluding: "2.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:cpu_1511f-1pn:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:cpu_1511t-1pn_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.9.2", versionStartIncluding: "2.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:cpu_1511t-1pn:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:cpu_1511tf-1pn_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.9.2", versionStartIncluding: "2.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:cpu_1511tf-1pn:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:cpu_1512c-1_pn_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.9.2", versionStartIncluding: "2.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:cpu_1512c-1_pn:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:cpu_1512sp-1_pn_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.9.2", versionStartIncluding: "2.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:cpu_1512sp-1_pn:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:cpu_1512sp_f-1_pn_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.9.2", versionStartIncluding: "2.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:cpu_1512sp_f-1_pn:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:cpu_1513-1_pn_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.9.2", versionStartIncluding: "2.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:cpu_1513-1_pn:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:cpu_1513f-1_pn_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.9.2", versionStartIncluding: "2.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:cpu_1513f-1_pn:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:cpu_1513r-1_pn_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.9.2", versionStartIncluding: "2.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:cpu_1513r-1_pn:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:cpu_1513pro_f-2_pn_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.9.2", versionStartIncluding: "2.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:cpu_1513pro_f-2_pn:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:cpu_1515-2_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.9.2", versionStartIncluding: "2.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:cpu_1515-2:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:cpu_1515f-2_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.9.2", versionStartIncluding: "2.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:cpu_1515f-2:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:cpu_1515r-2_pn_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.9.2", versionStartIncluding: "2.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:cpu_1515r-2_pn:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:cpu_1515t-2_pn_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.9.2", versionStartIncluding: "2.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:cpu_1515t-2_pn:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:cpu_1515tf-2_pn_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.9.2", versionStartIncluding: "2.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:cpu_1515tf-2_pn:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:cpu_1516pro_f-2_pn_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.9.2", versionStartIncluding: "2.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:cpu_1516pro_f-2_pn:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:cpu_1516pro-2_pn_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.9.2", versionStartIncluding: "2.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:cpu_1516pro-2_pn:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:cpu_1516-3_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.9.2", versionStartIncluding: "2.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:cpu_1516-3:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:cpu_1516f-3_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.9.2.", versionStartIncluding: "2.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:cpu_1516f-3:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:cpu_1516t-3_pn\\/dp_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.9.2", versionStartIncluding: "2.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:cpu_1516t-3_pn\\/dp:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:cpu_1516tf-3_pn\\/dp_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.9.2", versionStartIncluding: "2.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:cpu_1516tf-3_pn\\/dp:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:cpu_1517-3_pn\\/dp_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.9.2", versionStartIncluding: "2.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:cpu_1517-3_pn\\/dp:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:cpu_1517f-3_pn\\/dp_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.9.2", versionStartIncluding: "2.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:cpu_1517f-3_pn\\/dp:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:cpu_1517t-3_pn\\/dp_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.9.2", versionStartIncluding: "2.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:cpu_1517t-3_pn\\/dp:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:cpu_1517tf-3_pn\\/dp_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.9.2", versionStartIncluding: "2.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:cpu_1517tf-3_pn\\/dp:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:cpu_1518-4_pn\\/dp_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.9.2", versionStartIncluding: "2.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:cpu_1518-4_pn\\/dp:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:cpu_1518f-4_pn\\/dp_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.9.2", versionStartIncluding: "2.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:cpu_1518f-4_pn\\/dp:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2020-28397", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Siemens reported this vulnerability to CISA.", sources: [ { db: "CNNVD", id: "CNNVD-202108-879", }, ], trust: 0.6, }, cve: "CVE-2020-28397", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2020-28397", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.9, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CNVD-2021-61122", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 3.9, impactScore: 1.4, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 5.3, baseSeverity: "Medium", confidentialityImpact: "Low", exploitabilityScore: null, id: "CVE-2020-28397", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2020-28397", trust: 1.8, value: "MEDIUM", }, { author: "CNVD", id: "CNVD-2021-61122", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202104-975", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202108-879", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2020-28397", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2021-61122", }, { db: "VULMON", id: "CVE-2020-28397", }, { db: "JVNDB", id: "JVNDB-2021-010547", }, { db: "NVD", id: "CVE-2020-28397", }, { db: "CNNVD", id: "CNNVD-202104-975", }, { db: "CNNVD", id: "CNNVD-202108-879", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7 PLCSIM Advanced (All versions > V2 < V4), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (Version V4.4), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions > V2.5 < V2.9.2), SIMATIC S7-1500 Software Controller (All versions > V2.5 < V21.9), TIM 1531 IRC (incl. SIPLUS NET variants) (Version V2.1). Due to an incorrect authorization check in the affected component, an attacker could extract information about access protected PLC program variables over port 102/tcp from an affected device when reading multiple attributes at once. Multiple Siemens products contain fraudulent authentication vulnerabilities.Information may be obtained. Siemens SIMATIC S7-1500 CPU and SIMATIC S7-1500 are the products of Germany Siemens (Siemens) company. The SIMATIC S7-1500 CPU is a CPU (Central Processing Unit) module. The SIMATIC S7-1500 is a programmable logic controller. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements", sources: [ { db: "NVD", id: "CVE-2020-28397", }, { db: "JVNDB", id: "JVNDB-2021-010547", }, { db: "CNVD", id: "CNVD-2021-61122", }, { db: "CNNVD", id: "CNNVD-202104-975", }, { db: "VULMON", id: "CVE-2020-28397", }, ], trust: 2.79, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2020-28397", trust: 3.9, }, { db: "SIEMENS", id: "SSA-865327", trust: 2.3, }, { db: "JVNDB", id: "JVNDB-2021-010547", trust: 0.8, }, { db: "CNVD", id: "CNVD-2021-61122", trust: 0.6, }, { db: "CS-HELP", id: "SB2021041363", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202104-975", trust: 0.6, }, { db: "ICS CERT", id: "ICSA-21-257-23", trust: 0.6, }, { db: "CS-HELP", id: "SB2021081110", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202108-879", trust: 0.6, }, { db: "VULMON", id: "CVE-2020-28397", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-61122", }, { db: "VULMON", id: "CVE-2020-28397", }, { db: "JVNDB", id: "JVNDB-2021-010547", }, { db: "NVD", id: "CVE-2020-28397", }, { db: "CNNVD", id: "CNNVD-202104-975", }, { db: "CNNVD", id: "CNNVD-202108-879", }, ], }, id: "VAR-202108-2236", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2021-61122", }, ], trust: 1.41313538625, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "ICS", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-61122", }, ], }, last_update_date: "2023-12-18T11:13:41.957000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "SSA-865327", trust: 0.8, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-865327.pdf", }, { title: "Patch for Siemens SIMATIC S7-1500 CPU and SIMATIC S7-1500 Improper Authorization Vulnerability", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/285461", }, { title: "Siemens SIMATIC S7-1500 CPU and SIMATIC S7-1500 Remediation measures for authorization problem vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=159714", }, { title: "Siemens Security Advisories: Siemens Security Advisory", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=9cd5926ec23281f7dbb4df33b5aa9ff5", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-61122", }, { db: "VULMON", id: "CVE-2020-28397", }, { db: "JVNDB", id: "JVNDB-2021-010547", }, { db: "CNNVD", id: "CNNVD-202108-879", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-863", trust: 1, }, { problemtype: "Illegal authentication (CWE-863) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-010547", }, { db: "NVD", id: "CVE-2020-28397", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.3, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-865327.pdf", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2020-28397", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2021041363", }, { trust: 0.6, url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-257-23", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/simatic-information-disclosure-via-incorrect-authorization-check-36091", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2021081110", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/863.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://cert-portal.siemens.com/productcert/txt/ssa-865327.txt", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-61122", }, { db: "VULMON", id: "CVE-2020-28397", }, { db: "JVNDB", id: "JVNDB-2021-010547", }, { db: "NVD", id: "CVE-2020-28397", }, { db: "CNNVD", id: "CNNVD-202104-975", }, { db: "CNNVD", id: "CNNVD-202108-879", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2021-61122", }, { db: "VULMON", id: "CVE-2020-28397", }, { db: "JVNDB", id: "JVNDB-2021-010547", }, { db: "NVD", id: "CVE-2020-28397", }, { db: "CNNVD", id: "CNNVD-202104-975", }, { db: "CNNVD", id: "CNNVD-202108-879", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-08-11T00:00:00", db: "CNVD", id: "CNVD-2021-61122", }, { date: "2021-08-10T00:00:00", db: "VULMON", id: "CVE-2020-28397", }, { date: "2022-07-05T00:00:00", db: "JVNDB", id: "JVNDB-2021-010547", }, { date: "2021-08-10T11:15:07.423000", db: "NVD", id: "CVE-2020-28397", }, { date: "2021-04-13T00:00:00", db: "CNNVD", id: "CNNVD-202104-975", }, { date: "2021-08-10T00:00:00", db: "CNNVD", id: "CNNVD-202108-879", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-01-18T00:00:00", db: "CNVD", id: "CNVD-2021-61122", }, { date: "2021-08-20T00:00:00", db: "VULMON", id: "CVE-2020-28397", }, { date: "2022-07-05T02:10:00", db: "JVNDB", id: "JVNDB-2021-010547", }, { date: "2021-12-10T19:57:38.487000", db: "NVD", id: "CVE-2020-28397", }, { date: "2021-04-14T00:00:00", db: "CNNVD", id: "CNNVD-202104-975", }, { date: "2021-09-15T00:00:00", db: "CNNVD", id: "CNNVD-202108-879", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202108-879", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Fraudulent authentication vulnerabilities in multiple Siemens products", sources: [ { db: "JVNDB", id: "JVNDB-2021-010547", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "other", sources: [ { db: "CNNVD", id: "CNNVD-202104-975", }, ], trust: 0.6, }, }
var-201908-1838
Vulnerability from variot
A vulnerability has been identified in SIMATIC Drive Controller family (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V20.8), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V20.8), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.4.0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.4.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.8.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.8.1), SIMATIC S7-1500 Software Controller (All versions < V20.8), SIMATIC S7-1500 Software Controller (All versions >= V20.8), SIMATIC S7-PLCSIM Advanced (All versions < V3.0), SIMATIC S7-PLCSIM Advanced (All versions >= V3.0). An attacker with network access to port 102/tcp could potentially modify the user program on the PLC in a way that the running code is different from the source code which is stored on the device. An attacker must have network access to affected devices and must be able to perform changes to the user program. The vulnerability could impact the perceived integrity of the user program stored on the CPU. An engineer that tries to obtain the code of the user program running on the device, can receive different source code that is not actually running on the device. plural SIMATIC The product contains an access control vulnerability.Information may be tampered with. The Simatic S7-1200 CPU and Simatic S7-1500 CPU series are discrete and continuous control in industrial environments such as manufacturing, food and beverage, and chemical industries.
A man-in-the-middle attack vulnerability exists in the SIMATICS7-1200 and SIMATICS7-1500CPU families. A vulnerability has been identified in SIMATIC ET200SP (incl. No public exploitation of the vulnerability was known at the time of advisory publication. Both Siemens SIMATIC S7-1500 CPU and Siemens SIMATIC S7-1200 are products of Siemens, Germany. SIMATIC S7-1500 CPU is a CPU (central processing unit) module. Siemens SIMATIC S7-1200 is a S7-1200 series PLC (programmable logic controller). This vulnerability stems from network systems or products not properly restricting access to resources from unauthorized roles
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201908-1838", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "simatic s7 plcsim advanced", scope: "lt", trust: 1, vendor: "siemens", version: "3.0", }, { model: "simatic s7-1500 cpu 1518", scope: "lt", trust: 1, vendor: "siemens", version: "2.8.1", }, { model: "simatic s7-1200 cpu 1211c", scope: "lt", trust: 1, vendor: "siemens", version: "4.4", }, { model: "simatic s7-1200 cpu 1217c", scope: "lt", trust: 1, vendor: "siemens", version: "4.4", }, { model: "simatic s7-1500 cpu 1511c", scope: "lt", trust: 1, vendor: "siemens", version: "2.8.1", }, { model: "simatic et 200sp open controller cpu 1515sp pc", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "simatic s7-1200 cpu 1212c", scope: "lt", trust: 1, vendor: "siemens", version: "4.4", }, { model: "simatic s7-1200 cpu 1214c", scope: "lt", trust: 1, vendor: "siemens", version: "4.4", }, { model: "simatic s7-1200 cpu 1215c", scope: "lt", trust: 1, vendor: "siemens", version: "4.4", }, { model: "simatic s7-1500 software controller", scope: "lt", trust: 1, vendor: "siemens", version: "20.8", }, { model: "simatic et 200sp open controller cpu 1515sp pc2", scope: "lt", trust: 1, vendor: "siemens", version: "20.8", }, { model: "simatic s7-1500 cpu 1512c", scope: "lt", trust: 1, vendor: "siemens", version: "2.8.1", }, { model: "simatic et 200 sp open controller cpu 1515sp pc", scope: null, trust: 0.8, vendor: "siemens", version: null, }, { model: "simatic et 200 sp open controller cpu 1515sp pc2", scope: null, trust: 0.8, vendor: "siemens", version: null, }, { model: "simatic s7-1200 cpu 1211c", scope: null, trust: 0.8, vendor: "siemens", version: null, }, { model: "simatic s7-1200 cpu 1212c", scope: null, trust: 0.8, vendor: "siemens", version: null, }, { model: "simatic s7-1200 cpu 1214c", scope: null, trust: 0.8, vendor: "siemens", version: null, }, { model: "simatic s7-1200 cpu 1215c", scope: null, trust: 0.8, vendor: "siemens", version: null, }, { model: "simatic s7-1200 cpu 1217c", scope: null, trust: 0.8, vendor: "siemens", version: null, }, { model: "simatic s7-1500 cpu 1511c", scope: null, trust: 0.8, vendor: "siemens", version: null, }, { model: "simatic s7-1500 cpu 1512c", scope: null, trust: 0.8, vendor: "siemens", version: null, }, { model: "simatic s7-1500 cpu 1518", scope: null, trust: 0.8, vendor: "siemens", version: null, }, { model: "simatic s7-1500 software controller", scope: null, trust: 0.6, vendor: "siemens", version: null, }, { model: "simatic s7-1500 cpu family", scope: null, trust: 0.6, vendor: "siemens", version: null, }, { model: "simatic s7-plcsim advanced", scope: null, trust: 0.6, vendor: "siemens", version: null, }, { model: "simatic s7-1200 cpu family", scope: "gte", trust: 0.6, vendor: "siemens", version: "v4.0", }, { model: "simatic et 200sp open controller cpu1515sp pc", scope: null, trust: 0.6, vendor: "siemens", version: null, }, { model: "simatic et 200sp open controller cpu1515sp pc2", scope: null, trust: 0.6, vendor: "siemens", version: null, }, { model: null, scope: "eq", trust: 0.2, vendor: "simatic et 200sp open controller cpu 1515sp pc", version: "*", }, { model: null, scope: "eq", trust: 0.2, vendor: "simatic s7 1500 cpu 1512c", version: "*", }, { model: null, scope: "eq", trust: 0.2, vendor: "simatic s7 1500", version: "*", }, { model: null, scope: "eq", trust: 0.2, vendor: "simatic s7 plcsim advanced", version: "*", }, { model: null, scope: "eq", trust: 0.2, vendor: "simatic et 200sp open controller cpu 1515sp pc2", version: "*", }, { model: null, scope: "eq", trust: 0.2, vendor: "simatic s7 1200 cpu 1211c", version: "*", }, { model: null, scope: "eq", trust: 0.2, vendor: "simatic s7 1200 cpu 1212c", version: "*", }, { model: null, scope: "eq", trust: 0.2, vendor: "simatic s7 1200 cpu 1214c", version: "*", }, { model: null, scope: "eq", trust: 0.2, vendor: "simatic s7 1200 cpu 1215c", version: "*", }, { model: null, scope: "eq", trust: 0.2, vendor: "simatic s7 1200 cpu 1217c", version: "*", }, { model: null, scope: "eq", trust: 0.2, vendor: "simatic s7 1500 cpu 1518", version: "*", }, { model: null, scope: "eq", trust: 0.2, vendor: "simatic s7 1500 cpu 1511c", version: "*", }, ], sources: [ { db: "IVD", id: "f259ba44-659c-4896-9e72-76a889fc2aca", }, { db: "CNVD", id: "CNVD-2019-27700", }, { db: "JVNDB", id: "JVNDB-2019-008098", }, { db: "NVD", id: "CVE-2019-10943", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_et_200sp_open_controller_cpu_1515sp_pc_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_et_200sp_open_controller_cpu_1515sp_pc:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_et_200sp_open_controller_cpu_1515sp_pc2_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "20.8", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_et_200sp_open_controller_cpu_1515sp_pc2:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_s7-1200_cpu_1211c_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "4.4", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1211c:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_s7-1200_cpu_1212c_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "4.4", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1212c:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_s7-1200_cpu_1214c_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "4.4", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1214c:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_s7-1200_cpu_1215c_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "4.4", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1215c:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_s7-1200_cpu_1217c_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "4.4", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1217c:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.8.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_s7-1500_cpu_1511c_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.8.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1511c:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_s7-1500_cpu_1512c_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.8.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1512c:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:siemens:simatic_s7-1500_software_controller:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "20.8", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:simatic_s7_plcsim_advanced:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "3.0", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2019-10943", }, ], }, cve: "CVE-2019-10943", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", exploitabilityScore: 10, impactScore: 2.9, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 5, confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2019-10943", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", exploitabilityScore: 10, id: "CNVD-2019-27700", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "IVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", exploitabilityScore: 10, id: "f259ba44-659c-4896-9e72-76a889fc2aca", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.2, vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.9 [IVD]", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", exploitabilityScore: 10, id: "VHN-142540", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.1, vectorString: "AV:N/AC:L/AU:N/C:N/I:P/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", exploitabilityScore: 3.9, impactScore: 3.6, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 7.5, baseSeverity: "High", confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2019-10943", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2019-10943", trust: 1.8, value: "HIGH", }, { author: "CNVD", id: "CNVD-2019-27700", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-201908-899", trust: 0.6, value: "HIGH", }, { author: "IVD", id: "f259ba44-659c-4896-9e72-76a889fc2aca", trust: 0.2, value: "HIGH", }, { author: "VULHUB", id: "VHN-142540", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "IVD", id: "f259ba44-659c-4896-9e72-76a889fc2aca", }, { db: "CNVD", id: "CNVD-2019-27700", }, { db: "VULHUB", id: "VHN-142540", }, { db: "JVNDB", id: "JVNDB-2019-008098", }, { db: "NVD", id: "CVE-2019-10943", }, { db: "CNNVD", id: "CNNVD-201908-899", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A vulnerability has been identified in SIMATIC Drive Controller family (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V20.8), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V20.8), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.4.0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.4.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.8.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.8.1), SIMATIC S7-1500 Software Controller (All versions < V20.8), SIMATIC S7-1500 Software Controller (All versions >= V20.8), SIMATIC S7-PLCSIM Advanced (All versions < V3.0), SIMATIC S7-PLCSIM Advanced (All versions >= V3.0). An attacker with network access to port 102/tcp could potentially modify the user program on the PLC in a way that the running code is different from the source code which is stored on the device. An attacker must have network access to affected devices and must be able to perform changes to the user program. The vulnerability could impact the perceived integrity of the user program stored on the CPU. An engineer that tries to obtain the code of the user program running on the device, can receive different source code that is not actually running on the device. plural SIMATIC The product contains an access control vulnerability.Information may be tampered with. The Simatic S7-1200 CPU and Simatic S7-1500 CPU series are discrete and continuous control in industrial environments such as manufacturing, food and beverage, and chemical industries. \n\nA man-in-the-middle attack vulnerability exists in the SIMATICS7-1200 and SIMATICS7-1500CPU families. A vulnerability has been identified in SIMATIC ET200SP (incl. No public exploitation of the vulnerability was known at the time of advisory publication. Both Siemens SIMATIC S7-1500 CPU and Siemens SIMATIC S7-1200 are products of Siemens, Germany. SIMATIC S7-1500 CPU is a CPU (central processing unit) module. Siemens SIMATIC S7-1200 is a S7-1200 series PLC (programmable logic controller). This vulnerability stems from network systems or products not properly restricting access to resources from unauthorized roles", sources: [ { db: "NVD", id: "CVE-2019-10943", }, { db: "JVNDB", id: "JVNDB-2019-008098", }, { db: "CNVD", id: "CNVD-2019-27700", }, { db: "IVD", id: "f259ba44-659c-4896-9e72-76a889fc2aca", }, { db: "VULHUB", id: "VHN-142540", }, ], trust: 2.43, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2019-10943", trust: 3.3, }, { db: "SIEMENS", id: "SSA-232418", trust: 2.3, }, { db: "ICS CERT", id: "ICSA-19-344-06", trust: 1.4, }, { db: "CNNVD", id: "CNNVD-201908-899", trust: 0.9, }, { db: "CNVD", id: "CNVD-2019-27700", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2019-008098", trust: 0.8, }, { db: "AUSCERT", id: "ESB-2019.4621", trust: 0.6, }, { db: "IVD", id: "F259BA44-659C-4896-9E72-76A889FC2ACA", trust: 0.2, }, { db: "VULHUB", id: "VHN-142540", trust: 0.1, }, ], sources: [ { db: "IVD", id: "f259ba44-659c-4896-9e72-76a889fc2aca", }, { db: "CNVD", id: "CNVD-2019-27700", }, { db: "VULHUB", id: "VHN-142540", }, { db: "JVNDB", id: "JVNDB-2019-008098", }, { db: "NVD", id: "CVE-2019-10943", }, { db: "CNNVD", id: "CNNVD-201908-899", }, ], }, id: "VAR-201908-1838", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "IVD", id: "f259ba44-659c-4896-9e72-76a889fc2aca", }, { db: "CNVD", id: "CNVD-2019-27700", }, { db: "VULHUB", id: "VHN-142540", }, ], trust: 1.61853818, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "ICS", "Network device", ], sub_category: null, trust: 0.6, }, { category: [ "ICS", ], sub_category: null, trust: 0.2, }, ], sources: [ { db: "IVD", id: "f259ba44-659c-4896-9e72-76a889fc2aca", }, { db: "CNVD", id: "CNVD-2019-27700", }, ], }, last_update_date: "2023-12-18T12:43:19.299000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "SSA-232418", trust: 0.8, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdf", }, { title: "Patch for SIMATICS7-1200 and SIMATICS7-1500CPU families permission access vulnerability", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/175779", }, ], sources: [ { db: "CNVD", id: "CNVD-2019-27700", }, { db: "JVNDB", id: "JVNDB-2019-008098", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-353", trust: 1, }, { problemtype: "CWE-284", trust: 0.9, }, { problemtype: "CWE-345", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-142540", }, { db: "JVNDB", id: "JVNDB-2019-008098", }, { db: "NVD", id: "CVE-2019-10943", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.3, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdf", }, { trust: 1.4, url: "https://www.us-cert.gov/ics/advisories/icsa-19-344-06", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2019-10943", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10943", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/simatic-two-vulnerabilities-30052", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2019.4621/", }, ], sources: [ { db: "CNVD", id: "CNVD-2019-27700", }, { db: "VULHUB", id: "VHN-142540", }, { db: "JVNDB", id: "JVNDB-2019-008098", }, { db: "NVD", id: "CVE-2019-10943", }, { db: "CNNVD", id: "CNNVD-201908-899", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "IVD", id: "f259ba44-659c-4896-9e72-76a889fc2aca", }, { db: "CNVD", id: "CNVD-2019-27700", }, { db: "VULHUB", id: "VHN-142540", }, { db: "JVNDB", id: "JVNDB-2019-008098", }, { db: "NVD", id: "CVE-2019-10943", }, { db: "CNNVD", id: "CNNVD-201908-899", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-08-15T00:00:00", db: "IVD", id: "f259ba44-659c-4896-9e72-76a889fc2aca", }, { date: "2019-08-15T00:00:00", db: "CNVD", id: "CNVD-2019-27700", }, { date: "2019-08-13T00:00:00", db: "VULHUB", id: "VHN-142540", }, { date: "2019-08-26T00:00:00", db: "JVNDB", id: "JVNDB-2019-008098", }, { date: "2019-08-13T19:15:15.530000", db: "NVD", id: "CVE-2019-10943", }, { date: "2019-08-13T00:00:00", db: "CNNVD", id: "CNNVD-201908-899", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-08-30T00:00:00", db: "CNVD", id: "CNVD-2019-27700", }, { date: "2020-10-02T00:00:00", db: "VULHUB", id: "VHN-142540", }, { date: "2019-12-11T00:00:00", db: "JVNDB", id: "JVNDB-2019-008098", }, { date: "2022-08-10T20:28:13.013000", db: "NVD", id: "CVE-2019-10943", }, { date: "2022-08-11T00:00:00", db: "CNNVD", id: "CNNVD-201908-899", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201908-899", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural SIMATIC Access control vulnerabilities in products", sources: [ { db: "JVNDB", id: "JVNDB-2019-008098", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "data forgery", sources: [ { db: "CNNVD", id: "CNNVD-201908-899", }, ], trust: 0.6, }, }