All the vulnerabilites related to siemens - simatic_s7-300_cpu_317-2_dp
cve-2020-15783
Vulnerability from cvelistv5
Published
2020-11-12 19:21
Modified
2024-08-04 13:22
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC TDC CPU555 (All versions), SINUMERIK 840D sl (All versions). Sending multiple specially crafted packets to the affected devices could cause a Denial-of-Service on port 102. A cold restart is required to recover the service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-492828.pdf | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) |
Version: All versions |
||||||||
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:22:30.725Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-492828.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SIMATIC TDC CPU555",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SINUMERIK 840D sl",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC TDC CPU555 (All versions), SINUMERIK 840D sl (All versions). Sending multiple specially crafted packets to the affected devices could cause a Denial-of-Service on port 102. A cold restart is required to recover the service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-10T11:16:39",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-492828.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2020-15783",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC TDC CPU555",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINUMERIK 840D sl",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC TDC CPU555 (All versions), SINUMERIK 840D sl (All versions). Sending multiple specially crafted packets to the affected devices could cause a Denial-of-Service on port 102. A cold restart is required to recover the service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-492828.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-492828.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2020-15783",
"datePublished": "2020-11-12T19:21:09",
"dateReserved": "2020-07-15T00:00:00",
"dateUpdated": "2024-08-04T13:22:30.725Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-13940
Vulnerability from cvelistv5
Published
2020-02-11 15:36
Modified
2024-08-05 00:05
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions < V3.X.17), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.1), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 315-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 315F-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 315T-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317F-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317T-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317TF-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 319-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 319F-3 PN/DP (All versions < V3.X.17), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX 2010 (All versions), SIMATIC WinAC RTX F 2010 (All versions), SIPLUS ET 200S IM151-8 PN/DP CPU (All versions < V3.X.17), SIPLUS ET 200S IM151-8F PN/DP CPU (All versions < V3.X.17), SIPLUS S7-300 CPU 314C-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 315-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 315F-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 317-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 317F-2 PN/DP (All versions < V3.X.17). Affected devices contain a vulnerability that could cause a denial of service condition of the web server
by sending specially crafted HTTP requests to ports 80/tcp and 443/tcp.
Beyond the web service, no other functions or interfaces are affected by the denial of service condition.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:05:44.018Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-431678.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200pro IM154-8 PN/DP CPU",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.X.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200pro IM154-8F PN/DP CPU",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.X.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200pro IM154-8FX PN/DP CPU",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.X.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200S IM151-8 PN/DP CPU",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.X.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200S IM151-8F PN/DP CPU",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.X.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-300 CPU 314C-2 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.X.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-300 CPU 315-2 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.X.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-300 CPU 315F-2 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.X.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-300 CPU 315T-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.X.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-300 CPU 317-2 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.X.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-300 CPU 317F-2 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.X.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-300 CPU 317T-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.X.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-300 CPU 317TF-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.X.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-300 CPU 319-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.X.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-300 CPU 319F-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.X.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinAC RTX 2010",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinAC RTX F 2010",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200S IM151-8 PN/DP CPU",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.X.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200S IM151-8F PN/DP CPU",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.X.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-300 CPU 314C-2 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.X.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-300 CPU 315-2 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.X.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-300 CPU 315F-2 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.X.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-300 CPU 317-2 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.X.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-300 CPU 317F-2 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.X.17"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions \u003c V3.X.17), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions \u003c V3.X.17), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions \u003c V3.X.17), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions \u003c V3.X.17), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions \u003c V3.X.17), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions \u003c V4.1), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions \u003c V3.X.17), SIMATIC S7-300 CPU 315-2 PN/DP (All versions \u003c V3.X.17), SIMATIC S7-300 CPU 315F-2 PN/DP (All versions \u003c V3.X.17), SIMATIC S7-300 CPU 315T-3 PN/DP (All versions \u003c V3.X.17), SIMATIC S7-300 CPU 317-2 PN/DP (All versions \u003c V3.X.17), SIMATIC S7-300 CPU 317F-2 PN/DP (All versions \u003c V3.X.17), SIMATIC S7-300 CPU 317T-3 PN/DP (All versions \u003c V3.X.17), SIMATIC S7-300 CPU 317TF-3 PN/DP (All versions \u003c V3.X.17), SIMATIC S7-300 CPU 319-3 PN/DP (All versions \u003c V3.X.17), SIMATIC S7-300 CPU 319F-3 PN/DP (All versions \u003c V3.X.17), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX 2010 (All versions), SIMATIC WinAC RTX F 2010 (All versions), SIPLUS ET 200S IM151-8 PN/DP CPU (All versions \u003c V3.X.17), SIPLUS ET 200S IM151-8F PN/DP CPU (All versions \u003c V3.X.17), SIPLUS S7-300 CPU 314C-2 PN/DP (All versions \u003c V3.X.17), SIPLUS S7-300 CPU 315-2 PN/DP (All versions \u003c V3.X.17), SIPLUS S7-300 CPU 315F-2 PN/DP (All versions \u003c V3.X.17), SIPLUS S7-300 CPU 317-2 PN/DP (All versions \u003c V3.X.17), SIPLUS S7-300 CPU 317F-2 PN/DP (All versions \u003c V3.X.17). Affected devices contain a vulnerability that could cause a denial of service condition of the web server\r\nby sending specially crafted HTTP requests to ports 80/tcp and 443/tcp.\r\n\r\nBeyond the web service, no other functions or interfaces are affected by the denial of service condition."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-10T11:39:13.999Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-431678.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2019-13940",
"datePublished": "2020-02-11T15:36:10",
"dateReserved": "2019-07-18T00:00:00",
"dateUpdated": "2024-08-05T00:05:44.018Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-15791
Vulnerability from cvelistv5
Published
2020-09-09 18:13
Modified
2024-08-04 13:22
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions), SINUMERIK 840D sl (All versions). The authentication protocol between a client and a PLC via port 102/tcp (ISO-TSAP) insufficiently protects the transmitted password. This could allow an attacker that is able to intercept the network traffic to obtain valid PLC credentials.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-381684.pdf | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) |
Version: All versions |
||||||||||||
|
|||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:22:30.753Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-381684.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SIMATIC S7-400 CPU family (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SIMATIC WinAC RTX (F) 2010",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SINUMERIK 840D sl",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions), SINUMERIK 840D sl (All versions). The authentication protocol between a client and a PLC via port 102/tcp (ISO-TSAP) insufficiently protects the transmitted password. This could allow an attacker that is able to intercept the network traffic to obtain valid PLC credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522: Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-14T21:05:18",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-381684.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2020-15791",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC S7-400 CPU family (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC WinAC RTX (F) 2010",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINUMERIK 840D sl",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions), SINUMERIK 840D sl (All versions). The authentication protocol between a client and a PLC via port 102/tcp (ISO-TSAP) insufficiently protects the transmitted password. This could allow an attacker that is able to intercept the network traffic to obtain valid PLC credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522: Insufficiently Protected Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-381684.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-381684.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2020-15791",
"datePublished": "2020-09-09T18:13:11",
"dateReserved": "2020-07-15T00:00:00",
"dateUpdated": "2024-08-04T13:22:30.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2020-09-09 19:15
Modified
2024-11-21 05:06
Severity ?
Summary
A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions), SINUMERIK 840D sl (All versions). The authentication protocol between a client and a PLC via port 102/tcp (ISO-TSAP) insufficiently protects the transmitted password. This could allow an attacker that is able to intercept the network traffic to obtain valid PLC credentials.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | simatic_s7-300_cpu_312_firmware | * | |
| siemens | simatic_s7-300_cpu_312 | - | |
| siemens | simatic_s7-300_cpu_314_firmware | * | |
| siemens | simatic_s7-300_cpu_314 | - | |
| siemens | simatic_s7-300_cpu_315-2_dp_firmware | * | |
| siemens | simatic_s7-300_cpu_315-2_dp | - | |
| siemens | simatic_s7-300_cpu_315-2_pn_firmware | * | |
| siemens | simatic_s7-300_cpu_315-2_pn | - | |
| siemens | simatic_s7-300_cpu_317-2_pn_firmware | * | |
| siemens | simatic_s7-300_cpu_317-2_pn | - | |
| siemens | simatic_s7-300_cpu_317-2_dp_firmware | * | |
| siemens | simatic_s7-300_cpu_317-2_dp | - | |
| siemens | simatic_s7-300_cpu_315f-2_dp_firmware | * | |
| siemens | simatic_s7-300_cpu_315f-2_dp | - | |
| siemens | simatic_s7-300_cpu_315f-2_pn_firmware | * | |
| siemens | simatic_s7-300_cpu_315f-2_pn | - | |
| siemens | simatic_s7-300_cpu_317f-2_pn_firmware | * | |
| siemens | simatic_s7-300_cpu_317f-2_pn | - | |
| siemens | simatic_s7-300_cpu_317f-2_dp_firmware | * | |
| siemens | simatic_s7-300_cpu_317f-2_dp | - | |
| siemens | simatic_s7-400_cpu_412_firmware | * | |
| siemens | simatic_s7-400_cpu_412 | - | |
| siemens | simatic_s7-400_cpu_414_firmware | * | |
| siemens | simatic_s7-400_cpu_414 | - | |
| siemens | simatic_s7-400_cpu_416_firmware | * | |
| siemens | simatic_s7-400_cpu_416 | - | |
| siemens | simatic_s7-400_cpu_417_firmware | * | |
| siemens | simatic_s7-400_cpu_417 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_312_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F6EF8A28-8B05-46C2-911F-37AE46E04743",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_312:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FB328F8-3E03-440B-AB5C-ADA1D4F07F0E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_314_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BDD1105D-F909-4383-8490-66891609FDC7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_314:-:*:*:*:*:*:*:*",
"matchCriteriaId": "78399465-EED5-4EBD-A2E1-6FE0BD01EDB4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_315-2_dp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "07DC9E02-9B48-496E-8656-68CFFD399F1B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_315-2_dp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8FD8E6D-0527-4215-B6F0-5824011433FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_315-2_pn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FEC66966-6794-4A83-A425-4BC8911392B8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_315-2_pn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F007420-6EF7-4ECF-9CBE-BABF39B3EE3F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_317-2_pn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "581B9FCA-43EC-4BF3-B836-BBD9635EA8C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_317-2_pn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40F856D9-7954-4EE1-B5DA-18DFE21069AE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_317-2_dp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0B56C44-3148-4612-9543-9F96DF0142A6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_317-2_dp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7593F136-F558-4C3D-8429-5141A621981B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_315f-2_dp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D67C040-2D94-4872-98F9-B4B08290DD03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_315f-2_dp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD7AE84F-1476-4E2C-9E2B-0EDAEFE9EDA7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_315f-2_pn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "694D542E-3E4F-4B6B-BD87-11EDD6C60527",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_315f-2_pn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50798314-D77E-48C9-B608-0F7A72C88138",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_317f-2_pn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD47DCD2-068E-43E0-AEF8-71E9941FA816",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_317f-2_pn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2713CAFF-4B49-48DF-A475-02D280927113",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_317f-2_dp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7F1F77B-37E4-4929-BA60-C631067BE843",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_317f-2_dp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B30FDCBC-62BC-43AC-BC92-A44D79525215",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-400_cpu_412_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D74D138-6C3A-4E20-9B29-6C9A573A6D32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-400_cpu_412:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD7BD15E-6FB2-489A-A48B-C80021029AE5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-400_cpu_414_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33B29F2B-AC3D-49CE-9573-DCAB9169EA61",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-400_cpu_414:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE95DD6B-F615-47E5-A028-DE6DA7B32B16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-400_cpu_416_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50F9C422-E902-4890-9CED-3213E696ABE8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-400_cpu_416:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D439724-FC4C-4006-BB0C-0DBEA89693A2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-400_cpu_417_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26FB5714-01AF-4E98-84E9-56FF70DBB412",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-400_cpu_417:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA54AD7F-9D9D-479B-9E67-20378AB8E5A6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions), SINUMERIK 840D sl (All versions). The authentication protocol between a client and a PLC via port 102/tcp (ISO-TSAP) insufficiently protects the transmitted password. This could allow an attacker that is able to intercept the network traffic to obtain valid PLC credentials."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en la familia de SIMATIC S7-300 CPU (incluyendo las CPU ET200 relacionadas y las variantes SIPLUS) (Todas las versiones), familia SIMATIC S7-400 CPU (incluyendo las variantes SIPLUS) (Todas las versiones), SIMATIC WinAC RTX (F) 2010 (Todas las versiones), SINUMERIK 840D sl (Todas las versiones). El protocolo de autenticaci\u00f3n entre un cliente y un PLC por medio del puerto 102/tcp (ISO-TSAP) no protege suficientemente la contrase\u00f1a transmitida. Esto podr\u00eda permitir a un atacante que pueda interceptar el tr\u00e1fico de red obtener credenciales del PLC v\u00e1lidas"
}
],
"id": "CVE-2020-15791",
"lastModified": "2024-11-21T05:06:11.270",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-09T19:15:20.663",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-381684.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-381684.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "productcert@siemens.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-11-12 20:15
Modified
2024-11-21 05:06
Severity ?
Summary
A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC TDC CPU555 (All versions), SINUMERIK 840D sl (All versions). Sending multiple specially crafted packets to the affected devices could cause a Denial-of-Service on port 102. A cold restart is required to recover the service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-492828.pdf | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-492828.pdf | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | sinumerik_840d_sl_firmware | * | |
| siemens | sinumerik_840d_sl | - | |
| siemens | simatic_s7-300_cpu_312_firmware | * | |
| siemens | simatic_s7-300_cpu_312 | - | |
| siemens | simatic_s7-300_cpu_314_firmware | * | |
| siemens | simatic_s7-300_cpu_314 | - | |
| siemens | simatic_s7-300_cpu_315-2_dp_firmware | * | |
| siemens | simatic_s7-300_cpu_315-2_dp | - | |
| siemens | simatic_s7-300_cpu_315-2_pn_firmware | * | |
| siemens | simatic_s7-300_cpu_315-2_pn | - | |
| siemens | simatic_s7-300_cpu_317-2_pn_firmware | * | |
| siemens | simatic_s7-300_cpu_317-2_pn | - | |
| siemens | simatic_s7-300_cpu_317-2_dp_firmware | * | |
| siemens | simatic_s7-300_cpu_317-2_dp | - | |
| siemens | simatic_s7-300_cpu_315f-2_dp_firmware | * | |
| siemens | simatic_s7-300_cpu_315f-2_dp | - | |
| siemens | simatic_s7-300_cpu_315f-2_pn_firmware | * | |
| siemens | simatic_s7-300_cpu_315f-2_pn | - | |
| siemens | simatic_s7-300_cpu_317f-2_pn_firmware | * | |
| siemens | simatic_s7-300_cpu_317f-2_pn | - | |
| siemens | simatic_s7-300_cpu_317f-2_dp_firmware | * | |
| siemens | simatic_s7-300_cpu_317f-2_dp | - | |
| siemens | simatic_tdc_cpu555_firmware | * | |
| siemens | simatic_tdc_cpu555 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:sinumerik_840d_sl_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "07F5B314-ED39-4B8C-BF45-010BC1AB2F6C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:sinumerik_840d_sl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "765286DF-07EC-4C7A-AB8C-09559CD977EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_312_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F6EF8A28-8B05-46C2-911F-37AE46E04743",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_312:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FB328F8-3E03-440B-AB5C-ADA1D4F07F0E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_314_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BDD1105D-F909-4383-8490-66891609FDC7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_314:-:*:*:*:*:*:*:*",
"matchCriteriaId": "78399465-EED5-4EBD-A2E1-6FE0BD01EDB4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_315-2_dp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "07DC9E02-9B48-496E-8656-68CFFD399F1B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_315-2_dp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8FD8E6D-0527-4215-B6F0-5824011433FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_315-2_pn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FEC66966-6794-4A83-A425-4BC8911392B8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_315-2_pn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F007420-6EF7-4ECF-9CBE-BABF39B3EE3F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_317-2_pn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "581B9FCA-43EC-4BF3-B836-BBD9635EA8C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_317-2_pn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40F856D9-7954-4EE1-B5DA-18DFE21069AE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_317-2_dp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0B56C44-3148-4612-9543-9F96DF0142A6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_317-2_dp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7593F136-F558-4C3D-8429-5141A621981B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_315f-2_dp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D67C040-2D94-4872-98F9-B4B08290DD03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_315f-2_dp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD7AE84F-1476-4E2C-9E2B-0EDAEFE9EDA7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_315f-2_pn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "694D542E-3E4F-4B6B-BD87-11EDD6C60527",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_315f-2_pn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50798314-D77E-48C9-B608-0F7A72C88138",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_317f-2_pn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD47DCD2-068E-43E0-AEF8-71E9941FA816",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_317f-2_pn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2713CAFF-4B49-48DF-A475-02D280927113",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_317f-2_dp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7F1F77B-37E4-4929-BA60-C631067BE843",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_317f-2_dp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B30FDCBC-62BC-43AC-BC92-A44D79525215",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_tdc_cpu555_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D9C7D4A-F989-4B01-8FFD-5B5859F42D43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_tdc_cpu555:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE6AB995-D67B-43E5-B8FF-97C38D20CB10",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC TDC CPU555 (All versions), SINUMERIK 840D sl (All versions). Sending multiple specially crafted packets to the affected devices could cause a Denial-of-Service on port 102. A cold restart is required to recover the service."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en la familia de CPUs SIMATIC S7-300 (incluidas las CPUs ET200 relacionadas y las variantes SIPLUS) (Todas las versiones), SIMATIC TDC CPU555 (Todas las versiones), SINUMERIK 840D sl (Todas las versiones). El env\u00edo de m\u00faltiples paquetes especialmente dise\u00f1ados a los dispositivos afectados podr\u00eda causar una denegaci\u00f3n de servicio en el puerto 102. Se requiere un reinicio en fr\u00edo para recuperar el servicio"
}
],
"id": "CVE-2020-15783",
"lastModified": "2024-11-21T05:06:10.283",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-11-12T20:15:16.343",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-492828.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-492828.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "productcert@siemens.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-11 16:15
Modified
2024-11-21 04:25
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A vulnerability has been identified in SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions < V3.X.17), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.1), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 315-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 315F-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 315T-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317F-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317T-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317TF-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 319-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 319F-3 PN/DP (All versions < V3.X.17), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX 2010 (All versions), SIMATIC WinAC RTX F 2010 (All versions), SIPLUS ET 200S IM151-8 PN/DP CPU (All versions < V3.X.17), SIPLUS ET 200S IM151-8F PN/DP CPU (All versions < V3.X.17), SIPLUS S7-300 CPU 314C-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 315-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 315F-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 317-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 317F-2 PN/DP (All versions < V3.X.17). Affected devices contain a vulnerability that could cause a denial of service condition of the web server
by sending specially crafted HTTP requests to ports 80/tcp and 443/tcp.
Beyond the web service, no other functions or interfaces are affected by the denial of service condition.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | s7-1200_cpu_1211c_firmware | * | |
| siemens | s7-1200_cpu_1211c | - | |
| siemens | s7-1200_cpu_1212c_firmware | * | |
| siemens | s7-1200_cpu_1212c | - | |
| siemens | s7-1200_cpu_1214c_firmware | * | |
| siemens | s7-1200_cpu_1214c | - | |
| siemens | s7-1200_cpu_1215c_firmware | * | |
| siemens | s7-1200_cpu_1215c | - | |
| siemens | s7-1200_cpu_1217c_firmware | * | |
| siemens | s7-1200_cpu_1217c | - | |
| siemens | s7-1200_cpu_1212fc_firmware | * | |
| siemens | s7-1200_cpu_1212fc | - | |
| siemens | s7-1200_cpu_1214fc_firmware | * | |
| siemens | s7-1200_cpu_1214fc | - | |
| siemens | s7-1200_cpu_1215fc_firmware | * | |
| siemens | s7-1200_cpu_1215fc | - | |
| siemens | siplus_s7-1200_firmware | * | |
| siemens | siplus_s7-1200 | - | |
| siemens | siplus_cpu_1211c_firmware | * | |
| siemens | siplus_cpu_1211c | - | |
| siemens | siplus_cpu_1212c_firmware | * | |
| siemens | siplus_cpu_1212c | - | |
| siemens | siplus_cpu_1214c_firmware | * | |
| siemens | siplus_cpu_1214c | - | |
| siemens | siplus_cpu_1215c_firmware | * | |
| siemens | siplus_cpu_1215c | - | |
| siemens | simatic_s7-300_cpu_319-3_pn\/dp_firmware | * | |
| siemens | simatic_s7-300_cpu_319-3_pn\/dp | - | |
| siemens | simatic_s7-300_cpu_315-2dp_firmware | * | |
| siemens | simatic_s7-300_cpu_315-2dp | - | |
| siemens | simatic_s7-300_cpu_315-2_pn\/dp_firmware | * | |
| siemens | simatic_s7-300_cpu_315-2_pn\/dp | - | |
| siemens | simatic_s7-300_cpu_317-2_dp_firmware | * | |
| siemens | simatic_s7-300_cpu_317-2_dp | - | |
| siemens | simatic_s7-300_cpu_317-2_pn\/dp_firmware | * | |
| siemens | simatic_s7-300_cpu_317-2_pn\/dp | - | |
| siemens | simatic_s7-300_cpu_319-3_pn\/dp_firmware | * | |
| siemens | simatic_s7-300_cpu_319-3_pn\/dp | - | |
| siemens | siplus_s7-300_cpu_314_firmware | * | |
| siemens | siplus_s7-300_cpu_314 | - | |
| siemens | siplus_s7-300_cpu_315-2_dp_firmware | * | |
| siemens | siplus_s7-300_cpu_315-2_dp | - | |
| siemens | siplus_s7-300_cpu_315-2_pn\/dp_firmware | * | |
| siemens | siplus_s7-300_cpu_315-2_pn\/dp | - | |
| siemens | siplus_s7-300_cpu_317-2_pn\/dp_firmware | * | |
| siemens | siplus_s7-300_cpu_317-2_pn\/dp | v6 | |
| siemens | simatic_s7-400_pn\/dp_cpu_firmware | * | |
| siemens | simatic_s7-400_pn\/dp_cpu | v7 | |
| siemens | simatic_winac_rtx_\(f\)_2010 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:s7-1200_cpu_1211c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9437AAD-4048-40DD-9744-E1D6D674F6E0",
"versionEndExcluding": "4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:s7-1200_cpu_1211c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61C1E689-5C2F-4EA6-8908-F4DE80F0DC15",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:s7-1200_cpu_1212c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3819941-7F6C-44F0-A91D-76AA0EF80108",
"versionEndExcluding": "4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:s7-1200_cpu_1212c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F64C2324-903C-4D44-A882-DAFAC6D72A41",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:s7-1200_cpu_1214c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1E3D84C-3367-4B6F-BF7C-DD4D2C91D79A",
"versionEndExcluding": "4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:s7-1200_cpu_1214c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C0D9EA6-F503-4EF3-A59E-E9DD27194C6D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:s7-1200_cpu_1215c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4DC7EE33-D833-4D19-82B7-02D0A8DA99C5",
"versionEndExcluding": "4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:s7-1200_cpu_1215c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1885A3FE-DB40-47B7-AC89-1D778F702E2A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:s7-1200_cpu_1217c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "057D3C0B-19CB-4CEE-9CE1-75F1E2B9F7B6",
"versionEndExcluding": "4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:s7-1200_cpu_1217c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C66C66F8-8A06-4BA0-A2E2-82889778C0FA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:s7-1200_cpu_1212fc_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21ACBE3A-6B9B-47E0-AF50-95E5FF17F811",
"versionEndExcluding": "4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:s7-1200_cpu_1212fc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44D5089B-413A-4829-A035-8E2852C41291",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:s7-1200_cpu_1214fc_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A80C325-BA66-413E-AB52-E75AE78E14B9",
"versionEndExcluding": "4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:s7-1200_cpu_1214fc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72240379-74FC-4C3C-A31B-BFEEADB8FFFD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:s7-1200_cpu_1215fc_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23DD97D0-C6DC-4745-AA0A-1F636B5B805C",
"versionEndExcluding": "4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:s7-1200_cpu_1215fc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B5BEF3-84FF-4D05-A010-94A8E2593E2E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:siplus_s7-1200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5091C8D1-D15F-4632-95B9-5D7811CE6554",
"versionEndExcluding": "4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:siplus_s7-1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "108670FB-BE27-4961-8CCB-07E1FF93624D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:siplus_cpu_1211c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B091889A-AC6B-4301-815C-530F1D6D5238",
"versionEndExcluding": "4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:siplus_cpu_1211c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "658D85DE-D124-4452-8540-D0A165FF79EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:siplus_cpu_1212c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB20B434-8AA7-4DFC-9C7B-2C778C54D9D3",
"versionEndExcluding": "4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:siplus_cpu_1212c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED7AE1F6-A1D2-40AF-BDDD-5D3913D75833",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:siplus_cpu_1214c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D4C79E6-052B-47F2-BCDA-D8A792B7D0EE",
"versionEndIncluding": "4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:siplus_cpu_1214c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC520E65-87BF-41FB-BE5B-0D309F42FD50",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:siplus_cpu_1215c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C742F31E-66A8-4781-A4EF-881C4E45190E",
"versionEndExcluding": "4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:siplus_cpu_1215c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "889E0984-9116-4928-ABD0-12FC92079B22",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_319-3_pn\\/dp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A3143965-3A6D-4EFD-9DF4-A341DFE0E922",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_319-3_pn\\/dp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7167E5B0-D278-4F63-B5CD-39DBDF336089",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_315-2dp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A1557AE-0F0A-4EA8-AE26-779E8C98336F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_315-2dp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CEB6DA13-FD4E-4168-A08A-00547E656CA1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_315-2_pn\\/dp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4309A70D-5C4C-4F03-A5C6-1735AEE0E410",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_315-2_pn\\/dp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A773F92D-E5C0-4B51-8214-19BFE6BC7638",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_317-2_dp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0B56C44-3148-4612-9543-9F96DF0142A6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_317-2_dp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7593F136-F558-4C3D-8429-5141A621981B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_317-2_pn\\/dp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F3677E3F-ABFE-4D77-96CF-68E58FF45CF1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_317-2_pn\\/dp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A340DA65-BA46-4F72-8951-93135F9F6602",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_319-3_pn\\/dp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A3143965-3A6D-4EFD-9DF4-A341DFE0E922",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_319-3_pn\\/dp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7167E5B0-D278-4F63-B5CD-39DBDF336089",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:siplus_s7-300_cpu_314_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B922AD6-819B-4D7F-A31A-E4D39CE8DC6A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:siplus_s7-300_cpu_314:-:*:*:*:*:*:*:*",
"matchCriteriaId": "88F00AE1-D55A-4C7C-A421-2B89BDFE4C9D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:siplus_s7-300_cpu_315-2_dp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A94629F5-6569-406C-8E8E-990F2E21B0A0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:siplus_s7-300_cpu_315-2_dp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D038857-CED3-4312-9B86-36DC10A0398F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:siplus_s7-300_cpu_315-2_pn\\/dp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B093DE9C-1E39-4CF3-89B9-6A2B678A477E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:siplus_s7-300_cpu_315-2_pn\\/dp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FC6FF34-3155-4CF8-88D5-4EAE00B32163",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:siplus_s7-300_cpu_317-2_pn\\/dp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3844D023-F67B-41B4-8B9E-EAF8B79E9209",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:siplus_s7-300_cpu_317-2_pn\\/dp:v6:*:*:*:*:*:*:*",
"matchCriteriaId": "4A5CDFEA-E5F2-419F-A1B3-D98C44D38D84",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-400_pn\\/dp_cpu_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2ECD08DA-16E8-4C33-A07B-DA1EACADAF70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-400_pn\\/dp_cpu:v7:*:*:*:*:*:*:*",
"matchCriteriaId": "2A07D125-F671-40E6-8E9C-6E13F7E00ADD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:simatic_winac_rtx_\\(f\\)_2010:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5537D556-046A-444A-9AB6-B4F9AA121CF1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions \u003c V3.X.17), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions \u003c V3.X.17), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions \u003c V3.X.17), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions \u003c V3.X.17), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions \u003c V3.X.17), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions \u003c V4.1), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions \u003c V3.X.17), SIMATIC S7-300 CPU 315-2 PN/DP (All versions \u003c V3.X.17), SIMATIC S7-300 CPU 315F-2 PN/DP (All versions \u003c V3.X.17), SIMATIC S7-300 CPU 315T-3 PN/DP (All versions \u003c V3.X.17), SIMATIC S7-300 CPU 317-2 PN/DP (All versions \u003c V3.X.17), SIMATIC S7-300 CPU 317F-2 PN/DP (All versions \u003c V3.X.17), SIMATIC S7-300 CPU 317T-3 PN/DP (All versions \u003c V3.X.17), SIMATIC S7-300 CPU 317TF-3 PN/DP (All versions \u003c V3.X.17), SIMATIC S7-300 CPU 319-3 PN/DP (All versions \u003c V3.X.17), SIMATIC S7-300 CPU 319F-3 PN/DP (All versions \u003c V3.X.17), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX 2010 (All versions), SIMATIC WinAC RTX F 2010 (All versions), SIPLUS ET 200S IM151-8 PN/DP CPU (All versions \u003c V3.X.17), SIPLUS ET 200S IM151-8F PN/DP CPU (All versions \u003c V3.X.17), SIPLUS S7-300 CPU 314C-2 PN/DP (All versions \u003c V3.X.17), SIPLUS S7-300 CPU 315-2 PN/DP (All versions \u003c V3.X.17), SIPLUS S7-300 CPU 315F-2 PN/DP (All versions \u003c V3.X.17), SIPLUS S7-300 CPU 317-2 PN/DP (All versions \u003c V3.X.17), SIPLUS S7-300 CPU 317F-2 PN/DP (All versions \u003c V3.X.17). Affected devices contain a vulnerability that could cause a denial of service condition of the web server\r\nby sending specially crafted HTTP requests to ports 80/tcp and 443/tcp.\r\n\r\nBeyond the web service, no other functions or interfaces are affected by the denial of service condition."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en la familia de CPUs SIMATIC S7-1200 (incluidas las variantes SIPLUS) (Todas las versiones anteriores a V4.1), la familia de CPUs SIMATIC S7-300 PN/DP (incluidas las CPUs ET200 relacionadas y las variantes SIPLUS) (Todas las versiones anteriores a V3.X.17 ), familia de CPU SIMATIC S7-400 PN/DP V6 e inferiores (incl. variantes SIPLUS) (Todas las versiones), familia de CPU SIMATIC S7-400 PN/DP V7 (incl. variantes SIPLUS) (Todas las versiones), SIMATIC WinAC RTX (F) 2010 (Todas las versiones). Los dispositivos afectados contienen una vulnerabilidad que podr\u00eda causar una condici\u00f3n de denegaci\u00f3n de servicio del servidor web mediante el env\u00edo de peticiones HTTP especialmente dise\u00f1adas a los puertos 80/tcp y 443/tcp. La vulnerabilidad de seguridad podr\u00eda ser explotada por un atacante con acceso a la red de un dispositivo afectado. La explotaci\u00f3n exitosa no requiere privilegios del sistema ni interacci\u00f3n del usuario. Un atacante podr\u00eda utilizar la vulnerabilidad para comprometer la disponibilidad del servidor web del dispositivo. Aparte del servicio web, no hay otras funciones o interfaces afectadas por la condici\u00f3n de denegaci\u00f3n de servicio"
}
],
"id": "CVE-2019-13940",
"lastModified": "2024-11-21T04:25:44.283",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-11T16:15:14.773",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-431678.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-431678.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "productcert@siemens.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}