icsa-22-104-04
Vulnerability from csaf_cisa
Published
2022-04-14 00:00
Modified
2022-04-14 00:00
Summary
Siemens SCALANCE FragAttacks
Notes
CISA Disclaimer
This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation
Successful exploitation of these vulnerabilities could allow an attacker within Wi-Fi range to forge encrypted frames, which could result in sensitive data disclosure and traffic manipulation.
Critical infrastructure sectors
Multiple Sectors
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Exploitability
No known public exploits specifically target these vulnerabilities.
{ "document": { "acknowledgments": [ { "organization": "Siemens", "summary": "reporting these vulnerabilities to CISA" } ], "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Disclosure is not limited", "tlp": { "label": "WHITE", "url": "https://us-cert.cisa.gov/tlp/" } }, "lang": "en-US", "notes": [ { "category": "general", "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov", "title": "CISA Disclaimer" }, { "category": "legal_disclaimer", "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.", "title": "Legal Notice" }, { "category": "summary", "text": "Successful exploitation of these vulnerabilities could allow an attacker within Wi-Fi range to forge encrypted frames, which could result in sensitive data disclosure and traffic manipulation.", "title": "Risk evaluation" }, { "category": "other", "text": "Multiple Sectors", "title": "Critical infrastructure sectors" }, { "category": "other", "text": "Worldwide", "title": "Countries/areas deployed" }, { "category": "other", "text": "Germany", "title": "Company headquarters location" }, { "category": "general", "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:", "title": "Recommended Practices" }, { "category": "general", "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.", "title": "Recommended Practices" }, { "category": "general", "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.", "title": "Recommended Practices" }, { "category": "general", "text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories", "title": "Additional Resources" }, { "category": "other", "text": "No known public exploits specifically target these vulnerabilities.", "title": "Exploitability" } ], "publisher": { "category": "coordinator", "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870", "name": "CISA", "namespace": "https://www.cisa.gov/" }, "references": [ { "category": "external", "summary": "SSA-913875: Frame Aggregation and Fragmentation Vulnerabilities in 802.11 - CSAF Version", "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-913875.json" }, { "category": "self", "summary": "ICS Advisory ICSA-22-104-04 JSON", "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2022/icsa-22-104-04.json" }, { "category": "self", "summary": "ICS Advisory ICSA-22-104-04 Web Version", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-104-04" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B" }, { "category": "external", "summary": "SSA-913875: Frame Aggregation and Fragmentation Vulnerabilities in 802.11 - PDF Version", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf" }, { "category": "external", "summary": "SSA-913875: Frame Aggregation and Fragmentation Vulnerabilities in 802.11 - TXT Version", "url": "https://cert-portal.siemens.com/productcert/txt/ssa-913875.txt" } ], "title": "Siemens SCALANCE FragAttacks", "tracking": { "current_release_date": "2022-04-14T00:00:00.000000Z", "generator": { "engine": { "name": "CISA CSAF Generator", "version": "1.0.0" } }, "id": "ICSA-22-104-04", "initial_release_date": "2022-04-14T00:00:00.000000Z", "revision_history": [ { "date": "2022-04-14T00:00:00.000000Z", "legacy_version": "Initial", "number": "1", "summary": "ICSA-22-104-04 Siemens FragAttacks" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SCALANCE W721-1 RJ45", "product_id": "CSAFPID-0001", "product_identification_helper": { "model_numbers": [ "6GK5721-1FC00-0AA0" ] } } } ], "category": "product_name", "name": "SCALANCE W721-1 RJ45" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SCALANCE W721-1 RJ45", "product_id": "CSAFPID-0002", "product_identification_helper": { "model_numbers": [ "6GK5721-1FC00-0AB0" ] } } } ], "category": "product_name", "name": "SCALANCE W721-1 RJ45" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SCALANCE W722-1 RJ45", "product_id": "CSAFPID-0003", "product_identification_helper": { "model_numbers": [ "6GK5722-1FC00-0AA0" ] } } } ], "category": "product_name", "name": "SCALANCE W722-1 RJ45" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SCALANCE W722-1 RJ45", "product_id": "CSAFPID-0004", "product_identification_helper": { "model_numbers": [ "6GK5722-1FC00-0AB0" ] } } } ], "category": "product_name", "name": "SCALANCE W722-1 RJ45" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SCALANCE W722-1 RJ45", "product_id": "CSAFPID-0005", "product_identification_helper": { "model_numbers": [ "6GK5722-1FC00-0AC0" ] } } } ], "category": "product_name", "name": "SCALANCE W722-1 RJ45" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SCALANCE W734-1 RJ45", "product_id": "CSAFPID-0006", "product_identification_helper": { "model_numbers": [ "6GK5734-1FX00-0AA0" ] } } } ], "category": "product_name", "name": "SCALANCE W734-1 RJ45" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SCALANCE W734-1 RJ45", "product_id": "CSAFPID-0007", "product_identification_helper": { "model_numbers": [ "6GK5734-1FX00-0AA6" ] } } } ], "category": "product_name", "name": "SCALANCE W734-1 RJ45" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SCALANCE W734-1 RJ45", "product_id": "CSAFPID-0008", "product_identification_helper": { "model_numbers": [ "6GK5734-1FX00-0AB0" ] } } } ], "category": "product_name", "name": "SCALANCE W734-1 RJ45" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SCALANCE W734-1 RJ45 (USA)", "product_id": "CSAFPID-0009", "product_identification_helper": { "model_numbers": [ "6GK5734-1FX00-0AB6" ] } } } ], "category": "product_name", "name": "SCALANCE W734-1 RJ45 (USA)" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SCALANCE W738-1 M12", "product_id": "CSAFPID-00010", "product_identification_helper": { "model_numbers": [ "6GK5738-1GY00-0AA0" ] } } } ], "category": "product_name", "name": "SCALANCE W738-1 M12" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SCALANCE W738-1 M12", "product_id": "CSAFPID-00011", "product_identification_helper": { "model_numbers": [ "6GK5738-1GY00-0AB0" ] } } } ], "category": "product_name", "name": "SCALANCE W738-1 M12" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SCALANCE W748-1 M12", "product_id": "CSAFPID-00012", "product_identification_helper": { "model_numbers": [ "6GK5748-1GD00-0AA0" ] } } } ], "category": "product_name", "name": "SCALANCE W748-1 M12" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SCALANCE W748-1 M12", "product_id": "CSAFPID-00013", "product_identification_helper": { "model_numbers": [ "6GK5748-1GD00-0AB0" ] } } } ], "category": "product_name", "name": "SCALANCE W748-1 M12" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SCALANCE W748-1 RJ45", "product_id": "CSAFPID-00014", "product_identification_helper": { "model_numbers": [ "6GK5748-1FC00-0AA0" ] } } } ], "category": "product_name", "name": "SCALANCE W748-1 RJ45" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SCALANCE W748-1 RJ45", "product_id": "CSAFPID-00015", "product_identification_helper": { "model_numbers": [ "6GK5748-1FC00-0AB0" ] } } } ], "category": "product_name", "name": "SCALANCE W748-1 RJ45" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SCALANCE W761-1 RJ45", "product_id": "CSAFPID-00016", "product_identification_helper": { "model_numbers": [ "6GK5761-1FC00-0AA0" ] } } } ], "category": "product_name", "name": "SCALANCE W761-1 RJ45" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SCALANCE W761-1 RJ45", "product_id": "CSAFPID-00017", "product_identification_helper": { "model_numbers": [ "6GK5761-1FC00-0AB0" ] } } } ], "category": "product_name", "name": "SCALANCE W761-1 RJ45" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SCALANCE W774-1 M12 EEC", "product_id": "CSAFPID-00018", "product_identification_helper": { "model_numbers": [ "6GK5774-1FY00-0TA0" ] } } } ], "category": "product_name", "name": "SCALANCE W774-1 M12 EEC" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SCALANCE W774-1 M12 EEC", "product_id": "CSAFPID-00019", "product_identification_helper": { "model_numbers": [ "6GK5774-1FY00-0TB0" ] } } } ], "category": "product_name", "name": "SCALANCE W774-1 M12 EEC" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SCALANCE W774-1 RJ45", "product_id": "CSAFPID-00020", "product_identification_helper": { "model_numbers": [ "6GK5774-1FX00-0AA0" ] } } } ], "category": "product_name", "name": "SCALANCE W774-1 RJ45" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SCALANCE W774-1 RJ45", "product_id": "CSAFPID-00021", "product_identification_helper": { "model_numbers": [ "6GK5774-1FX00-0AA6" ] } } } ], "category": "product_name", "name": "SCALANCE W774-1 RJ45" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SCALANCE W774-1 RJ45", "product_id": "CSAFPID-00022", "product_identification_helper": { "model_numbers": [ "6GK5774-1FX00-0AB0" ] } } } ], "category": "product_name", "name": "SCALANCE W774-1 RJ45" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SCALANCE W774-1 RJ45", "product_id": "CSAFPID-00023", "product_identification_helper": { "model_numbers": [ "6GK5774-1FX00-0AC0" ] } } } ], "category": "product_name", "name": "SCALANCE W774-1 RJ45" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SCALANCE W774-1 RJ45 (USA)", "product_id": "CSAFPID-00024", "product_identification_helper": { "model_numbers": [ "6GK5774-1FX00-0AB6" ] } } } ], "category": "product_name", "name": "SCALANCE W774-1 RJ45 (USA)" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SCALANCE W778-1 M12", "product_id": "CSAFPID-00025", "product_identification_helper": { "model_numbers": [ "6GK5778-1GY00-0AA0" ] } } } ], "category": "product_name", "name": "SCALANCE W778-1 M12" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SCALANCE W778-1 M12", "product_id": "CSAFPID-00026", "product_identification_helper": { "model_numbers": [ "6GK5778-1GY00-0AB0" ] } } } ], "category": "product_name", "name": "SCALANCE W778-1 M12" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SCALANCE W778-1 M12 EEC", "product_id": "CSAFPID-00027", "product_identification_helper": { "model_numbers": [ "6GK5778-1GY00-0TA0" ] } } } ], "category": "product_name", "name": "SCALANCE W778-1 M12 EEC" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SCALANCE W778-1 M12 EEC (USA)", "product_id": "CSAFPID-00028", "product_identification_helper": { "model_numbers": [ "6GK5778-1GY00-0TB0" ] } } } ], "category": "product_name", "name": "SCALANCE W778-1 M12 EEC (USA)" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SCALANCE W786-1 RJ45", "product_id": "CSAFPID-00029", "product_identification_helper": { "model_numbers": [ "6GK5786-1FC00-0AA0" ] } } } ], "category": "product_name", "name": "SCALANCE W786-1 RJ45" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SCALANCE W786-1 RJ45", "product_id": "CSAFPID-00030", "product_identification_helper": { "model_numbers": [ "6GK5786-1FC00-0AB0" ] } } } ], "category": "product_name", "name": "SCALANCE W786-1 RJ45" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SCALANCE W786-2 RJ45", "product_id": "CSAFPID-00031", "product_identification_helper": { "model_numbers": [ "6GK5786-2FC00-0AA0" ] } } } ], "category": "product_name", "name": "SCALANCE W786-2 RJ45" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SCALANCE W786-2 RJ45", "product_id": "CSAFPID-00032", "product_identification_helper": { "model_numbers": [ "6GK5786-2FC00-0AB0" ] } } } ], "category": "product_name", "name": "SCALANCE W786-2 RJ45" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SCALANCE W786-2 RJ45", "product_id": "CSAFPID-00033", "product_identification_helper": { "model_numbers": [ "6GK5786-2FC00-0AC0" ] } } } ], "category": "product_name", "name": "SCALANCE W786-2 RJ45" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SCALANCE W786-2 SFP", "product_id": "CSAFPID-00034", "product_identification_helper": { "model_numbers": [ "6GK5786-2FE00-0AA0" ] } } } ], "category": "product_name", "name": "SCALANCE W786-2 SFP" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SCALANCE W786-2 SFP", "product_id": "CSAFPID-00035", "product_identification_helper": { "model_numbers": [ "6GK5786-2FE00-0AB0" ] } } } ], "category": "product_name", "name": "SCALANCE W786-2 SFP" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SCALANCE W786-2IA RJ45", "product_id": "CSAFPID-00036", "product_identification_helper": { "model_numbers": [ "6GK5786-2HC00-0AA0" ] } } } ], "category": "product_name", "name": "SCALANCE W786-2IA RJ45" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SCALANCE W786-2IA RJ45", "product_id": "CSAFPID-00037", "product_identification_helper": { "model_numbers": [ "6GK5786-2HC00-0AB0" ] } } } ], "category": "product_name", "name": "SCALANCE W786-2IA RJ45" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SCALANCE W788-1 M12", "product_id": "CSAFPID-00038", "product_identification_helper": { "model_numbers": [ "6GK5788-1GD00-0AA0" ] } } } ], "category": "product_name", "name": "SCALANCE W788-1 M12" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SCALANCE W788-1 M12", "product_id": "CSAFPID-00039", "product_identification_helper": { "model_numbers": [ "6GK5788-1GD00-0AB0" ] } } } ], "category": "product_name", "name": "SCALANCE W788-1 M12" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SCALANCE W788-1 RJ45", "product_id": "CSAFPID-00040", "product_identification_helper": { "model_numbers": [ "6GK5788-1FC00-0AA0" ] } } } ], "category": "product_name", "name": "SCALANCE W788-1 RJ45" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SCALANCE W788-1 RJ45", "product_id": "CSAFPID-00041", "product_identification_helper": { "model_numbers": [ "6GK5788-1FC00-0AB0" ] } } } ], "category": "product_name", "name": "SCALANCE W788-1 RJ45" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SCALANCE W788-2 M12", "product_id": "CSAFPID-00042", "product_identification_helper": { "model_numbers": [ "6GK5788-2GD00-0AA0" ] } } } ], "category": "product_name", "name": "SCALANCE W788-2 M12" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SCALANCE W788-2 M12", "product_id": "CSAFPID-00043", "product_identification_helper": { "model_numbers": [ "6GK5788-2GD00-0AB0" ] } } } ], "category": "product_name", "name": "SCALANCE W788-2 M12" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SCALANCE W788-2 M12 EEC", "product_id": "CSAFPID-00044", "product_identification_helper": { "model_numbers": [ "6GK5788-2GD00-0TA0" ] } } } ], "category": "product_name", "name": "SCALANCE W788-2 M12 EEC" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SCALANCE W788-2 M12 EEC", "product_id": "CSAFPID-00045", "product_identification_helper": { "model_numbers": [ "6GK5788-2GD00-0TB0" ] } } } ], "category": "product_name", "name": "SCALANCE W788-2 M12 EEC" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SCALANCE W788-2 M12 EEC", "product_id": "CSAFPID-00046", "product_identification_helper": { "model_numbers": [ "6GK5788-2GD00-0TC0" ] } } } ], "category": "product_name", "name": "SCALANCE W788-2 M12 EEC" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SCALANCE W788-2 RJ45", "product_id": "CSAFPID-00047", "product_identification_helper": { "model_numbers": [ "6GK5788-2FC00-0AA0" ] } } } ], "category": "product_name", "name": "SCALANCE W788-2 RJ45" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SCALANCE W788-2 RJ45", "product_id": "CSAFPID-00048", "product_identification_helper": { "model_numbers": [ "6GK5788-2FC00-0AB0" ] } } } ], "category": "product_name", "name": "SCALANCE W788-2 RJ45" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SCALANCE W788-2 RJ45", "product_id": "CSAFPID-00049", "product_identification_helper": { "model_numbers": [ "6GK5788-2FC00-0AC0" ] } } } ], "category": "product_name", "name": "SCALANCE W788-2 RJ45" }, { "branches": [ { "category": "product_version_range", "name": "\u003c V3.0.0", "product": { "name": "SCALANCE W1748-1 M12", "product_id": "CSAFPID-00050", "product_identification_helper": { "model_numbers": [ "6GK5748-1GY01-0AA0" ] } } } ], "category": "product_name", "name": "SCALANCE W1748-1 M12" }, { "branches": [ { "category": "product_version_range", "name": "\u003c V3.0.0", "product": { "name": "SCALANCE W1748-1 M12", "product_id": "CSAFPID-00051", "product_identification_helper": { "model_numbers": [ "6GK5748-1GY01-0TA0" ] } } } ], "category": "product_name", "name": "SCALANCE W1748-1 M12" }, { "branches": [ { "category": "product_version_range", "name": "\u003c V8.7.1.3", "product": { "name": "SCALANCE W1750D", "product_id": "CSAFPID-00052" } } ], "category": "product_name", "name": "SCALANCE W1750D" }, { "branches": [ { "category": "product_version_range", "name": "\u003c V3.0.0", "product": { "name": "SCALANCE W1788-1 M12", "product_id": "CSAFPID-00053", "product_identification_helper": { "model_numbers": [ "6GK5788-1GY01-0AA0" ] } } } ], "category": "product_name", "name": "SCALANCE W1788-1 M12" }, { "branches": [ { "category": "product_version_range", "name": "\u003c V3.0.0", "product": { "name": "SCALANCE W1788-2 EEC M12", "product_id": "CSAFPID-00054", "product_identification_helper": { "model_numbers": [ "6GK5788-2GY01-0TA0" ] } } } ], "category": "product_name", "name": "SCALANCE W1788-2 EEC M12" }, { "branches": [ { "category": "product_version_range", "name": "\u003c V3.0.0", "product": { "name": "SCALANCE W1788-2 M12", "product_id": "CSAFPID-00055", "product_identification_helper": { "model_numbers": [ "6GK5788-2GY01-0AA0" ] } } } ], "category": "product_name", "name": "SCALANCE W1788-2 M12" }, { "branches": [ { "category": "product_version_range", "name": "\u003c V3.0.0", "product": { "name": "SCALANCE W1788-2IA M12", "product_id": "CSAFPID-00056", "product_identification_helper": { "model_numbers": [ "6GK5788-2HY01-0AA0" ] } } } ], "category": "product_name", "name": "SCALANCE W1788-2IA M12" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SCALANCE WAM763-1", "product_id": "CSAFPID-00057", "product_identification_helper": { "model_numbers": [ "6GK5763-1AL00-7DA0" ] } } } ], "category": "product_name", "name": "SCALANCE WAM763-1" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SCALANCE WAM766-1", "product_id": "CSAFPID-00058", "product_identification_helper": { "model_numbers": [ "6GK5766-1GE00-7DA0" ] } } } ], "category": "product_name", "name": "SCALANCE WAM766-1" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SCALANCE WAM766-1", "product_id": "CSAFPID-00059", "product_identification_helper": { "model_numbers": [ "6GK5766-1GE00-7DB0" ] } } } ], "category": "product_name", "name": "SCALANCE WAM766-1" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SCALANCE WAM766-1 6GHz", "product_id": "CSAFPID-00060", "product_identification_helper": { "model_numbers": [ "6GK5766-1JE00-7DA0" ] } } } ], "category": "product_name", "name": "SCALANCE WAM766-1 6GHz" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SCALANCE WAM766-1 EEC", "product_id": "CSAFPID-00061", "product_identification_helper": { "model_numbers": [ "6GK5766-1GE00-7TA0" ] } } } ], "category": "product_name", "name": "SCALANCE WAM766-1 EEC" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SCALANCE WAM766-1 EEC", "product_id": "CSAFPID-00062", "product_identification_helper": { "model_numbers": [ "6GK5766-1GE00-7TB0" ] } } } ], "category": "product_name", "name": "SCALANCE WAM766-1 EEC" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SCALANCE WAM766-1 EEC 6GHz", "product_id": "CSAFPID-00063", "product_identification_helper": { "model_numbers": [ "6GK5766-1JE00-7TA0" ] } } } ], "category": "product_name", "name": "SCALANCE WAM766-1 EEC 6GHz" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SCALANCE WUM763-1", "product_id": "CSAFPID-00064", "product_identification_helper": { "model_numbers": [ "6GK5763-1AL00-3AA0" ] } } } ], "category": "product_name", "name": "SCALANCE WUM763-1" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SCALANCE WUM763-1", "product_id": "CSAFPID-00065", "product_identification_helper": { "model_numbers": [ "6GK5763-1AL00-3DA0" ] } } } ], "category": "product_name", "name": "SCALANCE WUM763-1" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SCALANCE WUM766-1", "product_id": "CSAFPID-00066", "product_identification_helper": { "model_numbers": [ "6GK5766-1GE00-3DA0" ] } } } ], "category": "product_name", "name": "SCALANCE WUM766-1" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SCALANCE WUM766-1", "product_id": "CSAFPID-00067", "product_identification_helper": { "model_numbers": [ "6GK5766-1GE00-3DB0" ] } } } ], "category": "product_name", "name": "SCALANCE WUM766-1" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SCALANCE WUM766-1 6GHz", "product_id": "CSAFPID-00068", "product_identification_helper": { "model_numbers": [ "6GK5766-1JE00-3DA0" ] } } } ], "category": "product_name", "name": "SCALANCE WUM766-1 6GHz" } ], "category": "vendor", "name": "Siemens" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-24588", "cwe": { "id": "CWE-306", "name": "Missing Authentication for Critical Function" }, "notes": [ { "category": "summary", "text": "The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn\u0027t require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049", "CSAFPID-00050", "CSAFPID-00051", "CSAFPID-00052", "CSAFPID-00053", "CSAFPID-00054", "CSAFPID-00055", "CSAFPID-00056", "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00065", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00068" ] }, "references": [ { "summary": "CVE-2020-24588 - SCALANCE W1748-1 M12", "url": "https://support.industry.siemens.com/cs/ww/en/view/109808629/" }, { "summary": "CVE-2020-24588 - SCALANCE W1748-1 M12", "url": "https://support.industry.siemens.com/cs/ww/en/view/109808629/" }, { "summary": "CVE-2020-24588 - SCALANCE W1750D", "url": "https://support.industry.siemens.com/cs/de/en/view/109802805/" }, { "summary": "CVE-2020-24588 - SCALANCE W1788-1 M12", "url": "https://support.industry.siemens.com/cs/ww/en/view/109808629/" }, { "summary": "CVE-2020-24588 - SCALANCE W1788-2 EEC M12", "url": "https://support.industry.siemens.com/cs/ww/en/view/109808629/" }, { "summary": "CVE-2020-24588 - SCALANCE W1788-2 M12", "url": "https://support.industry.siemens.com/cs/ww/en/view/109808629/" }, { "summary": "CVE-2020-24588 - SCALANCE W1788-2IA M12", "url": "https://support.industry.siemens.com/cs/ww/en/view/109808629/" }, { "summary": "CVE-2020-24588 - SCALANCE WAM763-1", "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "summary": "CVE-2020-24588 - SCALANCE WAM766-1", "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "summary": "CVE-2020-24588 - SCALANCE WAM766-1", "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "summary": "CVE-2020-24588 - SCALANCE WAM766-1 6GHz", "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "summary": "CVE-2020-24588 - SCALANCE WAM766-1 EEC", "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "summary": "CVE-2020-24588 - SCALANCE WAM766-1 EEC", "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "summary": "CVE-2020-24588 - SCALANCE WAM766-1 EEC 6GHz", "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "summary": "CVE-2020-24588 - SCALANCE WUM763-1", "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "summary": "CVE-2020-24588 - SCALANCE WUM763-1", "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "summary": "CVE-2020-24588 - SCALANCE WUM766-1", "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "summary": "CVE-2020-24588 - SCALANCE WUM766-1", "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "summary": "CVE-2020-24588 - SCALANCE WUM766-1 6GHz", "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "summary": "CVE-2020-24588 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-24588.json" }, { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24588" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" } ], "remediations": [ { "category": "no_fix_planned", "details": "Currently no fix is planned", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049" ] }, { "category": "vendor_fix", "details": "Update to V3.0.0 or later version", "product_ids": [ "CSAFPID-00050", "CSAFPID-00051", "CSAFPID-00053", "CSAFPID-00054", "CSAFPID-00055", "CSAFPID-00056" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109808629/" }, { "category": "vendor_fix", "details": "Update to V8.7.1.3 or later version", "product_ids": [ "CSAFPID-00052" ], "url": "https://support.industry.siemens.com/cs/de/en/view/109802805/" }, { "category": "vendor_fix", "details": "Update to V1.2 or later version", "product_ids": [ "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00065", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00068" ], "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "category": "mitigation", "details": "As these vulnerabilities can only be exploited within Wi-Fi range, when possible reduce Wi-Fi transmission power or make sure to have the devices in private areas with physical access controls", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049", "CSAFPID-00050", "CSAFPID-00051", "CSAFPID-00052", "CSAFPID-00053", "CSAFPID-00054", "CSAFPID-00055", "CSAFPID-00056", "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00065", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00068" ] }, { "category": "mitigation", "details": "When possible, A-MSDU can be disabled to mitigate CVE-2020-24588 and CVE-2020-26144", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049", "CSAFPID-00050", "CSAFPID-00051", "CSAFPID-00052", "CSAFPID-00053", "CSAFPID-00054", "CSAFPID-00055", "CSAFPID-00056", "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00065", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00068" ] }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049", "CSAFPID-00050", "CSAFPID-00051", "CSAFPID-00052", "CSAFPID-00053", "CSAFPID-00054", "CSAFPID-00055", "CSAFPID-00056", "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00065", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00068" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049", "CSAFPID-00050", "CSAFPID-00051", "CSAFPID-00052", "CSAFPID-00053", "CSAFPID-00054", "CSAFPID-00055", "CSAFPID-00056", "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00065", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00068" ] } ], "title": "CVE-2020-24588" }, { "cve": "CVE-2020-26139", "cwe": { "id": "CWE-287", "name": "Improper Authentication" }, "notes": [ { "category": "summary", "text": "An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients and makes it easier to exploit other vulnerabilities in connected clients.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049", "CSAFPID-00050", "CSAFPID-00051", "CSAFPID-00053", "CSAFPID-00054", "CSAFPID-00055", "CSAFPID-00056", "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00065", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00068" ] }, "references": [ { "summary": "CVE-2020-26139 - SCALANCE W1748-1 M12", "url": "https://support.industry.siemens.com/cs/ww/en/view/109808629/" }, { "summary": "CVE-2020-26139 - SCALANCE W1748-1 M12", "url": "https://support.industry.siemens.com/cs/ww/en/view/109808629/" }, { "summary": "CVE-2020-26139 - SCALANCE W1788-1 M12", "url": "https://support.industry.siemens.com/cs/ww/en/view/109808629/" }, { "summary": "CVE-2020-26139 - SCALANCE W1788-2 EEC M12", "url": "https://support.industry.siemens.com/cs/ww/en/view/109808629/" }, { "summary": "CVE-2020-26139 - SCALANCE W1788-2 M12", "url": "https://support.industry.siemens.com/cs/ww/en/view/109808629/" }, { "summary": "CVE-2020-26139 - SCALANCE W1788-2IA M12", "url": "https://support.industry.siemens.com/cs/ww/en/view/109808629/" }, { "summary": "CVE-2020-26139 - SCALANCE WAM763-1", "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "summary": "CVE-2020-26139 - SCALANCE WAM766-1", "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "summary": "CVE-2020-26139 - SCALANCE WAM766-1", "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "summary": "CVE-2020-26139 - SCALANCE WAM766-1 6GHz", "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "summary": "CVE-2020-26139 - SCALANCE WAM766-1 EEC", "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "summary": "CVE-2020-26139 - SCALANCE WAM766-1 EEC", "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "summary": "CVE-2020-26139 - SCALANCE WAM766-1 EEC 6GHz", "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "summary": "CVE-2020-26139 - SCALANCE WUM763-1", "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "summary": "CVE-2020-26139 - SCALANCE WUM763-1", "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "summary": "CVE-2020-26139 - SCALANCE WUM766-1", "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "summary": "CVE-2020-26139 - SCALANCE WUM766-1", "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "summary": "CVE-2020-26139 - SCALANCE WUM766-1 6GHz", "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "summary": "CVE-2020-26139 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-26139.json" }, { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26139" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "remediations": [ { "category": "no_fix_planned", "details": "Currently no fix is planned", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049" ] }, { "category": "vendor_fix", "details": "Update to V3.0.0 or later version", "product_ids": [ "CSAFPID-00050", "CSAFPID-00051", "CSAFPID-00053", "CSAFPID-00054", "CSAFPID-00055", "CSAFPID-00056" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109808629/" }, { "category": "vendor_fix", "details": "Update to V1.2 or later version", "product_ids": [ "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00065", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00068" ], "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "category": "mitigation", "details": "As these vulnerabilities can only be exploited within Wi-Fi range, when possible reduce Wi-Fi transmission power or make sure to have the devices in private areas with physical access controls", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049", "CSAFPID-00050", "CSAFPID-00051", "CSAFPID-00053", "CSAFPID-00054", "CSAFPID-00055", "CSAFPID-00056", "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00065", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00068" ] }, { "category": "mitigation", "details": "When possible, A-MSDU can be disabled to mitigate CVE-2020-24588 and CVE-2020-26144", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049", "CSAFPID-00050", "CSAFPID-00051", "CSAFPID-00053", "CSAFPID-00054", "CSAFPID-00055", "CSAFPID-00056", "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00065", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00068" ] }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049", "CSAFPID-00050", "CSAFPID-00051", "CSAFPID-00053", "CSAFPID-00054", "CSAFPID-00055", "CSAFPID-00056", "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00065", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00068" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049", "CSAFPID-00050", "CSAFPID-00051", "CSAFPID-00053", "CSAFPID-00054", "CSAFPID-00055", "CSAFPID-00056", "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00065", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00068" ] } ], "title": "CVE-2020-26139" }, { "cve": "CVE-2020-26140", "cwe": { "id": "CWE-74", "name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)" }, "notes": [ { "category": "summary", "text": "An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049" ] }, "references": [ { "summary": "CVE-2020-26140 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-26140.json" }, { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26140" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "remediations": [ { "category": "no_fix_planned", "details": "Currently no fix is planned", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049" ] }, { "category": "mitigation", "details": "As these vulnerabilities can only be exploited within Wi-Fi range, when possible reduce Wi-Fi transmission power or make sure to have the devices in private areas with physical access controls", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049" ] }, { "category": "mitigation", "details": "When possible, A-MSDU can be disabled to mitigate CVE-2020-24588 and CVE-2020-26144", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049" ] }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049" ] } ], "title": "CVE-2020-26140" }, { "cve": "CVE-2020-26141", "cwe": { "id": "CWE-354", "name": "Improper Validation of Integrity Check Value" }, "notes": [ { "category": "summary", "text": "An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049" ] }, "references": [ { "summary": "CVE-2020-26141 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-26141.json" }, { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26141" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "remediations": [ { "category": "no_fix_planned", "details": "Currently no fix is planned", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049" ] }, { "category": "mitigation", "details": "As these vulnerabilities can only be exploited within Wi-Fi range, when possible reduce Wi-Fi transmission power or make sure to have the devices in private areas with physical access controls", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049" ] }, { "category": "mitigation", "details": "When possible, A-MSDU can be disabled to mitigate CVE-2020-24588 and CVE-2020-26144", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049" ] }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049" ] } ], "title": "CVE-2020-26141" }, { "cve": "CVE-2020-26143", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "An issue was discovered in the ALFA Windows 10 driver 1030.36.604 for AWUS036ACH. The WEP, WPA, WPA2, and WPA3 implementations accept fragmented plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049" ] }, "references": [ { "summary": "CVE-2020-26143 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-26143.json" }, { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26143" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "remediations": [ { "category": "no_fix_planned", "details": "Currently no fix is planned", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049" ] }, { "category": "mitigation", "details": "As these vulnerabilities can only be exploited within Wi-Fi range, when possible reduce Wi-Fi transmission power or make sure to have the devices in private areas with physical access controls", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049" ] }, { "category": "mitigation", "details": "When possible, A-MSDU can be disabled to mitigate CVE-2020-24588 and CVE-2020-26144", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049" ] }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049" ] } ], "title": "CVE-2020-26143" }, { "cve": "CVE-2020-26144", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext A-MSDU frames as long as the first 8 bytes correspond to a valid RFC1042 (i.e., LLC/SNAP) header for EAPOL. An adversary can abuse this to inject arbitrary network packets independent of the network configuration.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049", "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00065", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00068" ] }, "references": [ { "summary": "CVE-2020-26144 - SCALANCE WAM763-1", "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "summary": "CVE-2020-26144 - SCALANCE WAM766-1", "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "summary": "CVE-2020-26144 - SCALANCE WAM766-1", "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "summary": "CVE-2020-26144 - SCALANCE WAM766-1 6GHz", "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "summary": "CVE-2020-26144 - SCALANCE WAM766-1 EEC", "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "summary": "CVE-2020-26144 - SCALANCE WAM766-1 EEC", "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "summary": "CVE-2020-26144 - SCALANCE WAM766-1 EEC 6GHz", "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "summary": "CVE-2020-26144 - SCALANCE WUM763-1", "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "summary": "CVE-2020-26144 - SCALANCE WUM763-1", "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "summary": "CVE-2020-26144 - SCALANCE WUM766-1", "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "summary": "CVE-2020-26144 - SCALANCE WUM766-1", "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "summary": "CVE-2020-26144 - SCALANCE WUM766-1 6GHz", "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "summary": "CVE-2020-26144 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-26144.json" }, { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26144" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "remediations": [ { "category": "no_fix_planned", "details": "Currently no fix is planned", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049" ] }, { "category": "vendor_fix", "details": "Update to V1.2 or later version", "product_ids": [ "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00065", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00068" ], "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "category": "mitigation", "details": "As these vulnerabilities can only be exploited within Wi-Fi range, when possible reduce Wi-Fi transmission power or make sure to have the devices in private areas with physical access controls", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049", "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00065", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00068" ] }, { "category": "mitigation", "details": "When possible, A-MSDU can be disabled to mitigate CVE-2020-24588 and CVE-2020-26144", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049", "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00065", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00068" ] }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049", "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00065", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00068" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049", "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00065", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00068" ] } ], "title": "CVE-2020-26144" }, { "cve": "CVE-2020-26145", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00065", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00068" ] }, "references": [ { "summary": "CVE-2020-26145 - SCALANCE WAM763-1", "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "summary": "CVE-2020-26145 - SCALANCE WAM766-1", "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "summary": "CVE-2020-26145 - SCALANCE WAM766-1", "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "summary": "CVE-2020-26145 - SCALANCE WAM766-1 6GHz", "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "summary": "CVE-2020-26145 - SCALANCE WAM766-1 EEC", "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "summary": "CVE-2020-26145 - SCALANCE WAM766-1 EEC", "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "summary": "CVE-2020-26145 - SCALANCE WAM766-1 EEC 6GHz", "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "summary": "CVE-2020-26145 - SCALANCE WUM763-1", "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "summary": "CVE-2020-26145 - SCALANCE WUM763-1", "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "summary": "CVE-2020-26145 - SCALANCE WUM766-1", "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "summary": "CVE-2020-26145 - SCALANCE WUM766-1", "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "summary": "CVE-2020-26145 - SCALANCE WUM766-1 6GHz", "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "summary": "CVE-2020-26145 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-26145.json" }, { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26145" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.2 or later version", "product_ids": [ "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00065", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00068" ], "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "category": "mitigation", "details": "As these vulnerabilities can only be exploited within Wi-Fi range, when possible reduce Wi-Fi transmission power or make sure to have the devices in private areas with physical access controls", "product_ids": [ "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00065", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00068" ] }, { "category": "mitigation", "details": "When possible, A-MSDU can be disabled to mitigate CVE-2020-24588 and CVE-2020-26144", "product_ids": [ "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00065", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00068" ] }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00065", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00068" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00065", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00068" ] } ], "title": "CVE-2020-26145" }, { "cve": "CVE-2020-26146", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WPA, WPA2, and WPA3 implementations reassemble fragments with non-consecutive packet numbers. An adversary can abuse this to exfiltrate selected fragments. This vulnerability is exploitable when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. Note that WEP is vulnerable to this attack by design.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049", "CSAFPID-00050", "CSAFPID-00051", "CSAFPID-00052", "CSAFPID-00053", "CSAFPID-00054", "CSAFPID-00055", "CSAFPID-00056", "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00065", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00068" ] }, "references": [ { "summary": "CVE-2020-26146 - SCALANCE W1748-1 M12", "url": "https://support.industry.siemens.com/cs/ww/en/view/109808629/" }, { "summary": "CVE-2020-26146 - SCALANCE W1748-1 M12", "url": "https://support.industry.siemens.com/cs/ww/en/view/109808629/" }, { "summary": "CVE-2020-26146 - SCALANCE W1750D", "url": "https://support.industry.siemens.com/cs/de/en/view/109802805/" }, { "summary": "CVE-2020-26146 - SCALANCE W1788-1 M12", "url": "https://support.industry.siemens.com/cs/ww/en/view/109808629/" }, { "summary": "CVE-2020-26146 - SCALANCE W1788-2 EEC M12", "url": "https://support.industry.siemens.com/cs/ww/en/view/109808629/" }, { "summary": "CVE-2020-26146 - SCALANCE W1788-2 M12", "url": "https://support.industry.siemens.com/cs/ww/en/view/109808629/" }, { "summary": "CVE-2020-26146 - SCALANCE W1788-2IA M12", "url": "https://support.industry.siemens.com/cs/ww/en/view/109808629/" }, { "summary": "CVE-2020-26146 - SCALANCE WAM763-1", "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "summary": "CVE-2020-26146 - SCALANCE WAM766-1", "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "summary": "CVE-2020-26146 - SCALANCE WAM766-1", "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "summary": "CVE-2020-26146 - SCALANCE WAM766-1 6GHz", "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "summary": "CVE-2020-26146 - SCALANCE WAM766-1 EEC", "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "summary": "CVE-2020-26146 - SCALANCE WAM766-1 EEC", "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "summary": "CVE-2020-26146 - SCALANCE WAM766-1 EEC 6GHz", "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "summary": "CVE-2020-26146 - SCALANCE WUM763-1", "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "summary": "CVE-2020-26146 - SCALANCE WUM763-1", "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "summary": "CVE-2020-26146 - SCALANCE WUM766-1", "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "summary": "CVE-2020-26146 - SCALANCE WUM766-1", "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "summary": "CVE-2020-26146 - SCALANCE WUM766-1 6GHz", "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "summary": "CVE-2020-26146 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-26146.json" }, { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26146" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "remediations": [ { "category": "no_fix_planned", "details": "Currently no fix is planned", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049" ] }, { "category": "vendor_fix", "details": "Update to V3.0.0 or later version", "product_ids": [ "CSAFPID-00050", "CSAFPID-00051", "CSAFPID-00053", "CSAFPID-00054", "CSAFPID-00055", "CSAFPID-00056" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109808629/" }, { "category": "vendor_fix", "details": "Update to V8.7.1.3 or later version", "product_ids": [ "CSAFPID-00052" ], "url": "https://support.industry.siemens.com/cs/de/en/view/109802805/" }, { "category": "vendor_fix", "details": "Update to V1.2 or later version", "product_ids": [ "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00065", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00068" ], "url": "https://support.industry.siemens.com/cs/de/en/view/109805887" }, { "category": "mitigation", "details": "As these vulnerabilities can only be exploited within Wi-Fi range, when possible reduce Wi-Fi transmission power or make sure to have the devices in private areas with physical access controls", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049", "CSAFPID-00050", "CSAFPID-00051", "CSAFPID-00052", "CSAFPID-00053", "CSAFPID-00054", "CSAFPID-00055", "CSAFPID-00056", "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00065", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00068" ] }, { "category": "mitigation", "details": "When possible, A-MSDU can be disabled to mitigate CVE-2020-24588 and CVE-2020-26144", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049", "CSAFPID-00050", "CSAFPID-00051", "CSAFPID-00052", "CSAFPID-00053", "CSAFPID-00054", "CSAFPID-00055", "CSAFPID-00056", "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00065", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00068" ] }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049", "CSAFPID-00050", "CSAFPID-00051", "CSAFPID-00052", "CSAFPID-00053", "CSAFPID-00054", "CSAFPID-00055", "CSAFPID-00056", "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00065", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00068" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049", "CSAFPID-00050", "CSAFPID-00051", "CSAFPID-00052", "CSAFPID-00053", "CSAFPID-00054", "CSAFPID-00055", "CSAFPID-00056", "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00065", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00068" ] } ], "title": "CVE-2020-26146" }, { "cve": "CVE-2020-26147", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049", "CSAFPID-00050", "CSAFPID-00051", "CSAFPID-00053", "CSAFPID-00054", "CSAFPID-00055", "CSAFPID-00056" ] }, "references": [ { "summary": "CVE-2020-26147 - SCALANCE W1748-1 M12", "url": "https://support.industry.siemens.com/cs/ww/en/view/109808629/" }, { "summary": "CVE-2020-26147 - SCALANCE W1748-1 M12", "url": "https://support.industry.siemens.com/cs/ww/en/view/109808629/" }, { "summary": "CVE-2020-26147 - SCALANCE W1788-1 M12", "url": "https://support.industry.siemens.com/cs/ww/en/view/109808629/" }, { "summary": "CVE-2020-26147 - SCALANCE W1788-2 EEC M12", "url": "https://support.industry.siemens.com/cs/ww/en/view/109808629/" }, { "summary": "CVE-2020-26147 - SCALANCE W1788-2 M12", "url": "https://support.industry.siemens.com/cs/ww/en/view/109808629/" }, { "summary": "CVE-2020-26147 - SCALANCE W1788-2IA M12", "url": "https://support.industry.siemens.com/cs/ww/en/view/109808629/" }, { "summary": "CVE-2020-26147 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-26147.json" }, { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26147" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N" } ], "remediations": [ { "category": "no_fix_planned", "details": "Currently no fix is planned", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049" ] }, { "category": "vendor_fix", "details": "Update to V3.0.0 or later version", "product_ids": [ "CSAFPID-00050", "CSAFPID-00051", "CSAFPID-00053", "CSAFPID-00054", "CSAFPID-00055", "CSAFPID-00056" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109808629/" }, { "category": "mitigation", "details": "As these vulnerabilities can only be exploited within Wi-Fi range, when possible reduce Wi-Fi transmission power or make sure to have the devices in private areas with physical access controls", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049", "CSAFPID-00050", "CSAFPID-00051", "CSAFPID-00053", "CSAFPID-00054", "CSAFPID-00055", "CSAFPID-00056" ] }, { "category": "mitigation", "details": "When possible, A-MSDU can be disabled to mitigate CVE-2020-24588 and CVE-2020-26144", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049", "CSAFPID-00050", "CSAFPID-00051", "CSAFPID-00053", "CSAFPID-00054", "CSAFPID-00055", "CSAFPID-00056" ] }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049", "CSAFPID-00050", "CSAFPID-00051", "CSAFPID-00053", "CSAFPID-00054", "CSAFPID-00055", "CSAFPID-00056" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049", "CSAFPID-00050", "CSAFPID-00051", "CSAFPID-00053", "CSAFPID-00054", "CSAFPID-00055", "CSAFPID-00056" ] } ], "title": "CVE-2020-26147" } ] }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.