All the vulnerabilites related to siemens - simatic_et_200sp_open_controller_firmware
Vulnerability from fkie_nvd
Published
2021-06-09 19:15
Modified
2024-11-21 05:14
Severity ?
Summary
Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@intel.com | https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf | Third Party Advisory | |
| secure@intel.com | https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html | Mailing List, Third Party Advisory | |
| secure@intel.com | https://www.debian.org/security/2021/dsa-4934 | Third Party Advisory | |
| secure@intel.com | https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2021/dsa-4934 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:atom_c3308:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E18B9E2-0659-4A50-88F6-D3D429EC5F8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c3336:-:*:*:*:*:*:*:*",
"matchCriteriaId": "158C116D-5E24-4593-A283-F6810E424B5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c3338:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DEE5F25C-8092-4A74-B265-4BB720DA1A4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c3338r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C58BF4A8-2B69-49B7-9113-554D61CE9FDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c3436l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "11C5EF68-F91F-4395-BDC6-CD3B7348C45C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c3508:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A33FC1CB-7983-48B9-AF3C-E3CF958B5FA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c3538:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF500096-2B4A-476B-BBCA-1FEE100ABC91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c3558:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5F17C3AB-AC03-427F-B0A9-9EACD2A231C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c3558r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2951F904-97AA-4AE6-B227-0A0D282369ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c3558rc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "70C31407-B78D-4406-B3B8-49BD89E674ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c3708:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4058BBB2-268F-47E6-BE5A-992C5F460BC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c3750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F191949-2674-4968-90CC-030D6E8901D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c3758:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6893581C-5447-4FAD-BFCB-41727FAB4CF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c3758r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E89FF1-C329-4975-9706-75FD84FDD5C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c3808:-:*:*:*:*:*:*:*",
"matchCriteriaId": "42737F96-25B8-4E3E-AED2-47FA27075A23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c3830:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D397ED37-60EE-49F0-95F0-2C6F666E9368",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c3850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65F731F9-59EB-4161-AB8B-506BC336B987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c3858:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F35B073-EA5F-4746-AB8B-674C9EAFDC3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c3950:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9EA6C3DB-8E6D-4CF8-BD52-B362C83DF4A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c3955:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6107B3F-C7FE-46EF-A80E-1A4DD55F9306",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c3958:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36E7FA68-B62B-4EEF-B8EA-665026E1E3F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_p5942b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D860FEC-BA79-4FEE-A79C-88AA857358E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_x5-a3930:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E374730D-0311-47F5-9EE3-ECD205693167",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_x5-a3940:-:*:*:*:*:*:*:*",
"matchCriteriaId": "45765887-0882-4D33-9D32-675581C35BC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_x5-a3950:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B2D4F4B-6DB7-414D-A41F-DA17D7C1AA52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_x5-a3960:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2EB4891F-358E-4A6E-A3D4-C83F8E45B19D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_x6200fe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89231773-9D9B-434A-A6A3-8527C4F6FEBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_x6211e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A85EA674-2537-4323-AEDA-FA356489E7DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_x6212re:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F85599DD-3F80-4EB0-9753-D24EDD8D76CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_x6413e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B3348F4-8E2B-42BE-9F3A-48DFF5CE0047",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_x6425e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F068F4F-8CCD-4218-871C-BEABEB0DAB55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_x6425re:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7313975C-41A5-4657-8758-1C16F947BE4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_x6427fe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FBE4406-9979-4723-833C-176F051E6389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_j3355:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7087FCA7-6D5C-45A5-B380-533915BC608A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_j3355e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85683891-11D4-47B1-834B-5E0380351E78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_j3455:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DBF2D89D-AC2D-4EAB-ADF3-66C25FE54E19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_j3455e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03D778C7-F242-4A6A-9B62-A7C578D985FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_j4005:-:*:*:*:*:*:*:*",
"matchCriteriaId": "652EC574-B9B6-4747-AE72-39D1379A596B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_j4025:-:*:*:*:*:*:*:*",
"matchCriteriaId": "522A9A57-B8D8-4C61-92E3-BE894A765C12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_j4105:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A588BEB3-90B5-482E-B6C4-DC6529B0B4C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_j4125:-:*:*:*:*:*:*:*",
"matchCriteriaId": "826BAF04-E174-483D-8700-7FA1EAC4D555",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_j6413:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7A8BF58-1D33-484A-951C-808443912BE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_n3350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5884F21-BAB5-4A45-8C72-C90D07BAECA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_n3350e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EC2A2AC5-FA56-49F0-BA00-E96B10FEF889",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_n3450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8FF7ADD-9E27-4A23-9714-5B76132C20BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_n4000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8771AB4-2F51-494D-8C86-3524BB4219C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_n4020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D7E822D-994F-410D-B13C-939449FFC293",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_n4100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AB5576F2-4914-427C-9518-ED7D16630CC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_n4120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3ABB7C52-863F-4291-A05B-422EE9615FAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_n6211:-:*:*:*:*:*:*:*",
"matchCriteriaId": "406E9139-BCFF-406B-A856-57896D27B752",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3-l13g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39FD6F9C-FEEA-4D52-8745-6477B50AFB0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5-l16g7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9A4FD69F-FF53-43F4-97C8-40867DB67958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:p5921b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E51393D-0855-41EA-9A57-090B47F84838",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:p5931b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E5668AC-EF49-43CF-8CE4-CCE3AA999F6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:p5962b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69383613-C04B-4C0F-8589-6F3EF6D45797",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:pentium_j4205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B6585755-C56C-4910-A7D5-B2153396AC7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:pentium_j6425:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D97C7A90-D8C6-4901-BCA1-E40DA173AA9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:pentium_n4200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9A944A8C-462E-4FF9-8AD6-1687297DD0DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:pentium_n4200e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5378FE6C-251A-4BCD-B151-EA42B594DC37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:pentium_n6415:-:*:*:*:*:*:*:*",
"matchCriteriaId": "638FA431-71EA-4668-AFF2-989A4994ED12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:pentium_silver_j5005:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EC903FA4-2C4E-4EBB-8BFA-579844B87354",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:pentium_silver_j5040:-:*:*:*:*:*:*:*",
"matchCriteriaId": "667F2E6C-C2FD-4E4B-9CC4-2EF33A74F61B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:pentium_silver_n5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2DF16D51-5662-47C3-8911-0FACEEDB9D80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:pentium_silver_n5030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ECC4430E-E4B1-454F-8C95-6412D34454C4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_drive_controller_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "143C062B-4DFB-4570-BE8F-7873B67A4BA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_drive_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0137C77B-D587-47D6-AEBE-462D00546FD7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_et_200sp_open_controller_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE9938FA-DE0B-4A60-A931-CE48CEB7F635",
"versionEndExcluding": "0209_0105",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_et_200sp_open_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A5B5313D-48E9-47F5-BF59-C71A255D9831",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_ipc127e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "466CDD7A-1B83-46C4-AC57-78E02811FFE0",
"versionEndExcluding": "21.01.07",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_ipc127e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F63C0B17-60E2-4240-92FD-4B7C7D8F2C8B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la ejecuci\u00f3n transitoria de omisi\u00f3n de dominios en algunos procesadores Intel Atom\u00ae puede permitir a un usuario autenticado permitir potencialmente una divulgaci\u00f3n de informaci\u00f3n por medio de un acceso local"
}
],
"id": "CVE-2020-24513",
"lastModified": "2024-11-21T05:14:56.957",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-09T19:15:08.963",
"references": [
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf"
},
{
"source": "secure@intel.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4934"
},
{
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4934"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html"
}
],
"sourceIdentifier": "secure@intel.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-14 21:15
Modified
2024-11-21 05:06
Severity ?
Summary
A vulnerability has been identified in SIMATIC ET 200SP Open Controller (incl. SIPLUS variants) (V20.8), SIMATIC S7-1500 Software Controller (V20.8). The web server of the affected products contains a vulnerability that could allow a remote attacker to trigger a denial-of-service condition by sending a specially crafted HTTP request.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_et_200sp_open_controller_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB17DB68-B876-4238-961E-383E0CD24E66",
"versionEndIncluding": "20.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_et_200sp_open_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A5B5313D-48E9-47F5-BF59-C71A255D9831",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-1500_software_controller_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BDF4011-5D76-4A15-9E2F-01B38685CD7B",
"versionEndIncluding": "20.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_software_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE4D4D21-9868-4FA3-89A8-1EEC473383EF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC ET 200SP Open Controller (incl. SIPLUS variants) (V20.8), SIMATIC S7-1500 Software Controller (V20.8). The web server of the affected products contains a vulnerability that could allow a remote attacker to trigger a denial-of-service condition by sending a specially crafted HTTP request."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SIMATIC ET 200SP Open Controller (incluyendo variantes SIPLUS) (versi\u00f3n V20.8), SIMATIC S7-1500 Software Controller (versi\u00f3n V20.8).\u0026#xa0;El servidor web de los productos afectados contiene una vulnerabilidad que podr\u00eda permitir a un atacante remoto desencadenar una condici\u00f3n de denegaci\u00f3n de servicio mediante el env\u00edo de una petici\u00f3n HTTP especialmente dise\u00f1ada"
}
],
"id": "CVE-2020-15796",
"lastModified": "2024-11-21T05:06:11.890",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-14T21:15:19.440",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700697.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700697.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-248"
}
],
"source": "productcert@siemens.com",
"type": "Primary"
}
]
}
cve-2020-24513
Vulnerability from cvelistv5
Published
2021-06-09 18:54
Modified
2024-08-04 15:12
Severity ?
EPSS score ?
Summary
Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html | x_refsource_MISC | |
| https://www.debian.org/security/2021/dsa-4934 | vendor-advisory, x_refsource_DEBIAN | |
| https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html | mailing-list, x_refsource_MLIST | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Intel Atom(R) Processors |
Version: See references |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:12:08.752Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html"
},
{
"name": "DSA-4934",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4934"
},
{
"name": "[debian-lts-announce] 20210726 [SECURITY] [DLA 2718-1] intel-microcode security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Intel Atom(R) Processors",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-10T11:06:29",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html"
},
{
"name": "DSA-4934",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4934"
},
{
"name": "[debian-lts-announce] 20210726 [SECURITY] [DLA 2718-1] intel-microcode security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2020-24513",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Intel Atom(R) Processors",
"version": {
"version_data": [
{
"version_value": "See references"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html",
"refsource": "MISC",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html"
},
{
"name": "DSA-4934",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4934"
},
{
"name": "[debian-lts-announce] 20210726 [SECURITY] [DLA 2718-1] intel-microcode security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2020-24513",
"datePublished": "2021-06-09T18:54:08",
"dateReserved": "2020-08-19T00:00:00",
"dateUpdated": "2024-08-04T15:12:08.752Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-15796
Vulnerability from cvelistv5
Published
2020-12-14 21:05
Modified
2024-08-04 13:30
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SIMATIC ET 200SP Open Controller (incl. SIPLUS variants) (V20.8), SIMATIC S7-1500 Software Controller (V20.8). The web server of the affected products contains a vulnerability that could allow a remote attacker to trigger a denial-of-service condition by sending a specially crafted HTTP request.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-700697.pdf | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | Siemens | SIMATIC ET 200SP Open Controller (incl. SIPLUS variants) |
Version: V20.8 |
||||
|
|||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:30:21.823Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700697.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SIMATIC ET 200SP Open Controller (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "V20.8"
}
]
},
{
"product": "SIMATIC S7-1500 Software Controller",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "V20.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC ET 200SP Open Controller (incl. SIPLUS variants) (V20.8), SIMATIC S7-1500 Software Controller (V20.8). The web server of the affected products contains a vulnerability that could allow a remote attacker to trigger a denial-of-service condition by sending a specially crafted HTTP request."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248: Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-14T21:05:18",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700697.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2020-15796",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SIMATIC ET 200SP Open Controller (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "V20.8"
}
]
}
},
{
"product_name": "SIMATIC S7-1500 Software Controller",
"version": {
"version_data": [
{
"version_value": "V20.8"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC ET 200SP Open Controller (incl. SIPLUS variants) (V20.8), SIMATIC S7-1500 Software Controller (V20.8). The web server of the affected products contains a vulnerability that could allow a remote attacker to trigger a denial-of-service condition by sending a specially crafted HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-248: Uncaught Exception"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-700697.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700697.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2020-15796",
"datePublished": "2020-12-14T21:05:18",
"dateReserved": "2020-07-15T00:00:00",
"dateUpdated": "2024-08-04T13:30:21.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}