Vulnerabilites related to siemens - simatic_et_200sp_open_controller
Vulnerability from fkie_nvd
Published
2021-06-09 19:15
Modified
2024-11-21 05:14
Summary
Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Impacted products
Vendor Product Version
intel atom_c3308 -
intel atom_c3336 -
intel atom_c3338 -
intel atom_c3338r -
intel atom_c3436l -
intel atom_c3508 -
intel atom_c3538 -
intel atom_c3558 -
intel atom_c3558r -
intel atom_c3558rc -
intel atom_c3708 -
intel atom_c3750 -
intel atom_c3758 -
intel atom_c3758r -
intel atom_c3808 -
intel atom_c3830 -
intel atom_c3850 -
intel atom_c3858 -
intel atom_c3950 -
intel atom_c3955 -
intel atom_c3958 -
intel atom_p5942b -
intel atom_x5-a3930 -
intel atom_x5-a3940 -
intel atom_x5-a3950 -
intel atom_x5-a3960 -
intel atom_x6200fe -
intel atom_x6211e -
intel atom_x6212re -
intel atom_x6413e -
intel atom_x6425e -
intel atom_x6425re -
intel atom_x6427fe -
intel celeron_j3355 -
intel celeron_j3355e -
intel celeron_j3455 -
intel celeron_j3455e -
intel celeron_j4005 -
intel celeron_j4025 -
intel celeron_j4105 -
intel celeron_j4125 -
intel celeron_j6413 -
intel celeron_n3350 -
intel celeron_n3350e -
intel celeron_n3450 -
intel celeron_n4000 -
intel celeron_n4020 -
intel celeron_n4100 -
intel celeron_n4120 -
intel celeron_n6211 -
intel core_i3-l13g4 -
intel core_i5-l16g7 -
intel p5921b -
intel p5931b -
intel p5962b -
intel pentium_j4205 -
intel pentium_j6425 -
intel pentium_n4200 -
intel pentium_n4200e -
intel pentium_n6415 -
intel pentium_silver_j5005 -
intel pentium_silver_j5040 -
intel pentium_silver_n5000 -
intel pentium_silver_n5030 -
debian debian_linux 9.0
debian debian_linux 10.0
siemens simatic_drive_controller_firmware *
siemens simatic_drive_controller -
siemens simatic_et_200sp_open_controller_firmware *
siemens simatic_et_200sp_open_controller -
siemens simatic_ipc127e_firmware *
siemens simatic_ipc127e -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:intel:atom_c3308:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5E18B9E2-0659-4A50-88F6-D3D429EC5F8A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:atom_c3336:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "158C116D-5E24-4593-A283-F6810E424B5E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:atom_c3338:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEE5F25C-8092-4A74-B265-4BB720DA1A4B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:atom_c3338r:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C58BF4A8-2B69-49B7-9113-554D61CE9FDB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:atom_c3436l:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "11C5EF68-F91F-4395-BDC6-CD3B7348C45C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:atom_c3508:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A33FC1CB-7983-48B9-AF3C-E3CF958B5FA6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:atom_c3538:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF500096-2B4A-476B-BBCA-1FEE100ABC91",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:atom_c3558:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F17C3AB-AC03-427F-B0A9-9EACD2A231C6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:atom_c3558r:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2951F904-97AA-4AE6-B227-0A0D282369ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:atom_c3558rc:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "70C31407-B78D-4406-B3B8-49BD89E674ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:atom_c3708:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "4058BBB2-268F-47E6-BE5A-992C5F460BC6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:atom_c3750:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0F191949-2674-4968-90CC-030D6E8901D2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:atom_c3758:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6893581C-5447-4FAD-BFCB-41727FAB4CF9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:atom_c3758r:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E0E89FF1-C329-4975-9706-75FD84FDD5C2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:atom_c3808:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "42737F96-25B8-4E3E-AED2-47FA27075A23",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:atom_c3830:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D397ED37-60EE-49F0-95F0-2C6F666E9368",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:atom_c3850:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "65F731F9-59EB-4161-AB8B-506BC336B987",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:atom_c3858:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F35B073-EA5F-4746-AB8B-674C9EAFDC3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:atom_c3950:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9EA6C3DB-8E6D-4CF8-BD52-B362C83DF4A4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:atom_c3955:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C6107B3F-C7FE-46EF-A80E-1A4DD55F9306",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:atom_c3958:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "36E7FA68-B62B-4EEF-B8EA-665026E1E3F3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:atom_p5942b:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D860FEC-BA79-4FEE-A79C-88AA857358E4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:atom_x5-a3930:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E374730D-0311-47F5-9EE3-ECD205693167",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:atom_x5-a3940:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "45765887-0882-4D33-9D32-675581C35BC6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:atom_x5-a3950:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8B2D4F4B-6DB7-414D-A41F-DA17D7C1AA52",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:atom_x5-a3960:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2EB4891F-358E-4A6E-A3D4-C83F8E45B19D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:atom_x6200fe:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "89231773-9D9B-434A-A6A3-8527C4F6FEBB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:atom_x6211e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A85EA674-2537-4323-AEDA-FA356489E7DE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:atom_x6212re:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F85599DD-3F80-4EB0-9753-D24EDD8D76CC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:atom_x6413e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1B3348F4-8E2B-42BE-9F3A-48DFF5CE0047",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:atom_x6425e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F068F4F-8CCD-4218-871C-BEABEB0DAB55",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:atom_x6425re:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7313975C-41A5-4657-8758-1C16F947BE4C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:atom_x6427fe:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FBE4406-9979-4723-833C-176F051E6389",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:celeron_j3355:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7087FCA7-6D5C-45A5-B380-533915BC608A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:celeron_j3355e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "85683891-11D4-47B1-834B-5E0380351E78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:celeron_j3455:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DBF2D89D-AC2D-4EAB-ADF3-66C25FE54E19",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:celeron_j3455e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "03D778C7-F242-4A6A-9B62-A7C578D985FC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:celeron_j4005:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "652EC574-B9B6-4747-AE72-39D1379A596B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:celeron_j4025:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "522A9A57-B8D8-4C61-92E3-BE894A765C12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:celeron_j4105:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A588BEB3-90B5-482E-B6C4-DC6529B0B4C4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:celeron_j4125:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "826BAF04-E174-483D-8700-7FA1EAC4D555",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:celeron_j6413:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F7A8BF58-1D33-484A-951C-808443912BE8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:celeron_n3350:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F5884F21-BAB5-4A45-8C72-C90D07BAECA8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:celeron_n3350e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC2A2AC5-FA56-49F0-BA00-E96B10FEF889",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:celeron_n3450:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B8FF7ADD-9E27-4A23-9714-5B76132C20BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:celeron_n4000:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C8771AB4-2F51-494D-8C86-3524BB4219C7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:celeron_n4020:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6D7E822D-994F-410D-B13C-939449FFC293",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:celeron_n4100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "AB5576F2-4914-427C-9518-ED7D16630CC5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:celeron_n4120:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3ABB7C52-863F-4291-A05B-422EE9615FAE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:celeron_n6211:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "406E9139-BCFF-406B-A856-57896D27B752",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:core_i3-l13g4:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "39FD6F9C-FEEA-4D52-8745-6477B50AFB0C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:core_i5-l16g7:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9A4FD69F-FF53-43F4-97C8-40867DB67958",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:p5921b:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6E51393D-0855-41EA-9A57-090B47F84838",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:p5931b:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7E5668AC-EF49-43CF-8CE4-CCE3AA999F6B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:p5962b:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "69383613-C04B-4C0F-8589-6F3EF6D45797",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:pentium_j4205:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B6585755-C56C-4910-A7D5-B2153396AC7A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:pentium_j6425:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D97C7A90-D8C6-4901-BCA1-E40DA173AA9D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:pentium_n4200:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9A944A8C-462E-4FF9-8AD6-1687297DD0DE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:pentium_n4200e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5378FE6C-251A-4BCD-B151-EA42B594DC37",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:pentium_n6415:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "638FA431-71EA-4668-AFF2-989A4994ED12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:pentium_silver_j5005:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC903FA4-2C4E-4EBB-8BFA-579844B87354",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:pentium_silver_j5040:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "667F2E6C-C2FD-4E4B-9CC4-2EF33A74F61B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:pentium_silver_n5000:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2DF16D51-5662-47C3-8911-0FACEEDB9D80",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:intel:pentium_silver_n5030:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "ECC4430E-E4B1-454F-8C95-6412D34454C4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_drive_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "143C062B-4DFB-4570-BE8F-7873B67A4BA3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_drive_controller:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0137C77B-D587-47D6-AEBE-462D00546FD7",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_et_200sp_open_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EE9938FA-DE0B-4A60-A931-CE48CEB7F635",
                     versionEndExcluding: "0209_0105",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_et_200sp_open_controller:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A5B5313D-48E9-47F5-BF59-C71A255D9831",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_ipc127e_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "466CDD7A-1B83-46C4-AC57-78E02811FFE0",
                     versionEndExcluding: "21.01.07",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_ipc127e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F63C0B17-60E2-4240-92FD-4B7C7D8F2C8B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en la ejecución transitoria de omisión de dominios en algunos procesadores Intel Atom® puede permitir a un usuario autenticado permitir potencialmente una divulgación de información por medio de un acceso local",
      },
   ],
   id: "CVE-2020-24513",
   lastModified: "2024-11-21T05:14:56.957",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 2.1,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2,
            impactScore: 4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-06-09T19:15:08.963",
   references: [
      {
         source: "secure@intel.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf",
      },
      {
         source: "secure@intel.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html",
      },
      {
         source: "secure@intel.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2021/dsa-4934",
      },
      {
         source: "secure@intel.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2021/dsa-4934",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html",
      },
   ],
   sourceIdentifier: "secure@intel.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-12-14 21:15
Modified
2024-11-21 05:06
Summary
A vulnerability has been identified in SIMATIC ET 200SP Open Controller (incl. SIPLUS variants) (V20.8), SIMATIC S7-1500 Software Controller (V20.8). The web server of the affected products contains a vulnerability that could allow a remote attacker to trigger a denial-of-service condition by sending a specially crafted HTTP request.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_et_200sp_open_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BB17DB68-B876-4238-961E-383E0CD24E66",
                     versionEndIncluding: "20.8",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_et_200sp_open_controller:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A5B5313D-48E9-47F5-BF59-C71A255D9831",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_s7-1500_software_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2BDF4011-5D76-4A15-9E2F-01B38685CD7B",
                     versionEndIncluding: "20.8",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_s7-1500_software_controller:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FE4D4D21-9868-4FA3-89A8-1EEC473383EF",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability has been identified in SIMATIC ET 200SP Open Controller (incl. SIPLUS variants) (V20.8), SIMATIC S7-1500 Software Controller (V20.8). The web server of the affected products contains a vulnerability that could allow a remote attacker to trigger a denial-of-service condition by sending a specially crafted HTTP request.",
      },
      {
         lang: "es",
         value: "Se ha identificado una vulnerabilidad en SIMATIC ET 200SP Open Controller (incluyendo variantes SIPLUS) (versión V20.8), SIMATIC S7-1500 Software Controller (versión V20.8). El servidor web de los productos afectados contiene una vulnerabilidad que podría permitir a un atacante remoto desencadenar una condición de denegación de servicio mediante el envío de una petición HTTP especialmente diseñada",
      },
   ],
   id: "CVE-2020-15796",
   lastModified: "2024-11-21T05:06:11.890",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-12-14T21:15:19.440",
   references: [
      {
         source: "productcert@siemens.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://cert-portal.siemens.com/productcert/pdf/ssa-700697.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://cert-portal.siemens.com/productcert/pdf/ssa-700697.pdf",
      },
   ],
   sourceIdentifier: "productcert@siemens.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-248",
            },
         ],
         source: "productcert@siemens.com",
         type: "Primary",
      },
   ],
}

cve-2020-24513
Vulnerability from cvelistv5
Published
2021-06-09 18:54
Modified
2024-08-04 15:12
Severity ?
Summary
Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Impacted products
Vendor Product Version
n/a Intel Atom(R) Processors Version: See references
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T15:12:08.752Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html",
               },
               {
                  name: "DSA-4934",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2021/dsa-4934",
               },
               {
                  name: "[debian-lts-announce] 20210726 [SECURITY] [DLA 2718-1] intel-microcode security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Intel Atom(R) Processors",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "See references",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "information disclosure",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-08-10T11:06:29",
            orgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce",
            shortName: "intel",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html",
            },
            {
               name: "DSA-4934",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2021/dsa-4934",
            },
            {
               name: "[debian-lts-announce] 20210726 [SECURITY] [DLA 2718-1] intel-microcode security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secure@intel.com",
               ID: "CVE-2020-24513",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Intel Atom(R) Processors",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "See references",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "information disclosure",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html",
                     refsource: "MISC",
                     url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html",
                  },
                  {
                     name: "DSA-4934",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2021/dsa-4934",
                  },
                  {
                     name: "[debian-lts-announce] 20210726 [SECURITY] [DLA 2718-1] intel-microcode security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html",
                  },
                  {
                     name: "https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf",
                     refsource: "CONFIRM",
                     url: "https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce",
      assignerShortName: "intel",
      cveId: "CVE-2020-24513",
      datePublished: "2021-06-09T18:54:08",
      dateReserved: "2020-08-19T00:00:00",
      dateUpdated: "2024-08-04T15:12:08.752Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-15796
Vulnerability from cvelistv5
Published
2020-12-14 21:05
Modified
2024-08-04 13:30
Severity ?
Summary
A vulnerability has been identified in SIMATIC ET 200SP Open Controller (incl. SIPLUS variants) (V20.8), SIMATIC S7-1500 Software Controller (V20.8). The web server of the affected products contains a vulnerability that could allow a remote attacker to trigger a denial-of-service condition by sending a specially crafted HTTP request.
Impacted products
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T13:30:21.823Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://cert-portal.siemens.com/productcert/pdf/ssa-700697.pdf",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "SIMATIC ET 200SP Open Controller (incl. SIPLUS variants)",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "V20.8",
                  },
               ],
            },
            {
               product: "SIMATIC S7-1500 Software Controller",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "V20.8",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability has been identified in SIMATIC ET 200SP Open Controller (incl. SIPLUS variants) (V20.8), SIMATIC S7-1500 Software Controller (V20.8). The web server of the affected products contains a vulnerability that could allow a remote attacker to trigger a denial-of-service condition by sending a specially crafted HTTP request.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-248",
                     description: "CWE-248: Uncaught Exception",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-12-14T21:05:18",
            orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            shortName: "siemens",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://cert-portal.siemens.com/productcert/pdf/ssa-700697.pdf",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "productcert@siemens.com",
               ID: "CVE-2020-15796",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "SIMATIC ET 200SP Open Controller (incl. SIPLUS variants)",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "V20.8",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "SIMATIC S7-1500 Software Controller",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "V20.8",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Siemens",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability has been identified in SIMATIC ET 200SP Open Controller (incl. SIPLUS variants) (V20.8), SIMATIC S7-1500 Software Controller (V20.8). The web server of the affected products contains a vulnerability that could allow a remote attacker to trigger a denial-of-service condition by sending a specially crafted HTTP request.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-248: Uncaught Exception",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://cert-portal.siemens.com/productcert/pdf/ssa-700697.pdf",
                     refsource: "MISC",
                     url: "https://cert-portal.siemens.com/productcert/pdf/ssa-700697.pdf",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
      assignerShortName: "siemens",
      cveId: "CVE-2020-15796",
      datePublished: "2020-12-14T21:05:18",
      dateReserved: "2020-07-15T00:00:00",
      dateUpdated: "2024-08-04T13:30:21.823Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}