Vulnerabilites related to siemens - simatic_s7-300_cpu_312
cve-2020-15783
Vulnerability from cvelistv5
Published
2020-11-12 19:21
Modified
2024-08-04 13:22
Severity ?
Summary
A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC TDC CPU555 (All versions), SINUMERIK 840D sl (All versions). Sending multiple specially crafted packets to the affected devices could cause a Denial-of-Service on port 102. A cold restart is required to recover the service.
References
https://cert-portal.siemens.com/productcert/pdf/ssa-492828.pdfx_refsource_MISC
Impacted products
Vendor Product Version
Siemens SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) Version: All versions
 Create a notification for this product.
   Siemens SIMATIC TDC CPU555 Version: All versions
 Create a notification for this product.
   Siemens SINUMERIK 840D sl Version: All versions
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:22:30.725Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-492828.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "SIMATIC TDC CPU555",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "SINUMERIK 840D sl",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC TDC CPU555 (All versions), SINUMERIK 840D sl (All versions). Sending multiple specially crafted packets to the affected devices could cause a Denial-of-Service on port 102. A cold restart is required to recover the service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-10T11:16:39",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-492828.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2020-15783",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC TDC CPU555",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SINUMERIK 840D sl",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC TDC CPU555 (All versions), SINUMERIK 840D sl (All versions). Sending multiple specially crafted packets to the affected devices could cause a Denial-of-Service on port 102. A cold restart is required to recover the service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-400: Uncontrolled Resource Consumption"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-492828.pdf",
              "refsource": "MISC",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-492828.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2020-15783",
    "datePublished": "2020-11-12T19:21:09",
    "dateReserved": "2020-07-15T00:00:00",
    "dateUpdated": "2024-08-04T13:22:30.725Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-9159
Vulnerability from cvelistv5
Published
2016-12-17 03:34
Modified
2024-08-06 02:42
Severity ?
Summary
A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 V6 and earlier CPU family (All versions), SIMATIC S7-400 V7 CPU family (All versions), SIMATIC S7-410 V8 CPU family (All versions), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions). An attacker with network access to port 102/tcp (ISO-TSAP) or via Profibus could obtain credentials from the PLC if protection-level 2 is configured on the affected devices.
References
http://www.securityfocus.com/bid/94820vdb-entry, x_refsource_BID
http://www.securitytracker.com/id/1037434vdb-entry, x_refsource_SECTRACK
https://ics-cert.us-cert.gov/advisories/ICSA-16-348-05x_refsource_MISC
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdfx_refsource_CONFIRM
https://cert-portal.siemens.com/productcert/pdf/ssa-731239.pdfx_refsource_MISC
Impacted products
Vendor Product Version
Siemens AG SIMATIC S7-300 CPU family Version: All versions
 Create a notification for this product.
   Siemens AG SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) Version: All versions
 Create a notification for this product.
   Siemens AG SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) Version: All versions
 Create a notification for this product.
   Siemens AG SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) Version: All versions
 Create a notification for this product.
   Siemens AG SIMATIC S7-400 V6 and earlier CPU family Version: All versions
 Create a notification for this product.
   Siemens AG SIMATIC S7-400 V7 CPU family Version: All versions
 Create a notification for this product.
   Siemens AG SIMATIC S7-410 V8 CPU family Version: All versions
 Create a notification for this product.
   Siemens AG SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) Version: All versions
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:42:11.143Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "94820",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94820"
          },
          {
            "name": "1037434",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037434"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-348-05"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-731239.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SIMATIC S7-300 CPU family",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "SIMATIC S7-400 V6 and earlier CPU family",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "SIMATIC S7-400 V7 CPU family",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "SIMATIC S7-410 V8 CPU family",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants)",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        }
      ],
      "datePublic": "2016-12-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 V6 and earlier CPU family (All versions), SIMATIC S7-400 V7 CPU family (All versions), SIMATIC S7-410 V8 CPU family (All versions), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions). An attacker with network access to port 102/tcp (ISO-TSAP) or via Profibus could obtain credentials from the PLC if protection-level 2 is configured on the affected devices."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200: Information Exposure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-10T19:16:14",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "name": "94820",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94820"
        },
        {
          "name": "1037434",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037434"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-348-05"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-731239.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2016-9159",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SIMATIC S7-300 CPU family",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC S7-400 V6 and earlier CPU family",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC S7-400 V7 CPU family",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC S7-410 V8 CPU family",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens AG"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 V6 and earlier CPU family (All versions), SIMATIC S7-400 V7 CPU family (All versions), SIMATIC S7-410 V8 CPU family (All versions), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions). An attacker with network access to port 102/tcp (ISO-TSAP) or via Profibus could obtain credentials from the PLC if protection-level 2 is configured on the affected devices."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-200: Information Exposure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "94820",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94820"
            },
            {
              "name": "1037434",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037434"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-348-05",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-348-05"
            },
            {
              "name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdf",
              "refsource": "CONFIRM",
              "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdf"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-731239.pdf",
              "refsource": "MISC",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-731239.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2016-9159",
    "datePublished": "2016-12-17T03:34:00",
    "dateReserved": "2016-11-03T00:00:00",
    "dateUpdated": "2024-08-06T02:42:11.143Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-15791
Vulnerability from cvelistv5
Published
2020-09-09 18:13
Modified
2024-08-04 13:22
Severity ?
Summary
A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions), SINUMERIK 840D sl (All versions). The authentication protocol between a client and a PLC via port 102/tcp (ISO-TSAP) insufficiently protects the transmitted password. This could allow an attacker that is able to intercept the network traffic to obtain valid PLC credentials.
References
https://cert-portal.siemens.com/productcert/pdf/ssa-381684.pdfx_refsource_MISC
Impacted products
Vendor Product Version
Siemens SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) Version: All versions
 Create a notification for this product.
   Siemens SIMATIC S7-400 CPU family (incl. SIPLUS variants) Version: All versions
 Create a notification for this product.
   Siemens SIMATIC WinAC RTX (F) 2010 Version: All versions
 Create a notification for this product.
   Siemens SINUMERIK 840D sl Version: All versions
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:22:30.753Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-381684.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "SIMATIC S7-400 CPU family (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "SIMATIC WinAC RTX (F) 2010",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "SINUMERIK 840D sl",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions), SINUMERIK 840D sl (All versions). The authentication protocol between a client and a PLC via port 102/tcp (ISO-TSAP) insufficiently protects the transmitted password. This could allow an attacker that is able to intercept the network traffic to obtain valid PLC credentials."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-522",
              "description": "CWE-522: Insufficiently Protected Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-14T21:05:18",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-381684.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2020-15791",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC S7-400 CPU family (incl. SIPLUS variants)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC WinAC RTX (F) 2010",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SINUMERIK 840D sl",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions), SINUMERIK 840D sl (All versions). The authentication protocol between a client and a PLC via port 102/tcp (ISO-TSAP) insufficiently protects the transmitted password. This could allow an attacker that is able to intercept the network traffic to obtain valid PLC credentials."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-522: Insufficiently Protected Credentials"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-381684.pdf",
              "refsource": "MISC",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-381684.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2020-15791",
    "datePublished": "2020-09-09T18:13:11",
    "dateReserved": "2020-07-15T00:00:00",
    "dateUpdated": "2024-08-04T13:22:30.753Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-9158
Vulnerability from cvelistv5
Published
2016-12-17 03:34
Modified
2024-08-06 02:42
Severity ?
Summary
A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 V6 and earlier CPU family (All versions), SIMATIC S7-400 V7 CPU family (All versions). Specially crafted packets sent to port 80/tcp could cause the affected devices to go into defect mode. A cold restart is required to recover the system.
References
http://www.securityfocus.com/bid/94820vdb-entry, x_refsource_BID
http://www.securitytracker.com/id/1037434vdb-entry, x_refsource_SECTRACK
https://ics-cert.us-cert.gov/advisories/ICSA-16-348-05x_refsource_MISC
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdfx_refsource_CONFIRM
https://cert-portal.siemens.com/productcert/pdf/ssa-731239.pdfx_refsource_MISC
Impacted products
Vendor Product Version
Siemens AG SIMATIC S7-300 CPU family Version: All versions
 Create a notification for this product.
   Siemens AG SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) Version: All versions
 Create a notification for this product.
   Siemens AG SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) Version: All versions
 Create a notification for this product.
   Siemens AG SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) Version: All versions
 Create a notification for this product.
   Siemens AG SIMATIC S7-400 V6 and earlier CPU family Version: All versions
 Create a notification for this product.
   Siemens AG SIMATIC S7-400 V7 CPU family Version: All versions
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:42:10.987Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "94820",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94820"
          },
          {
            "name": "1037434",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037434"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-348-05"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-731239.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SIMATIC S7-300 CPU family",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "SIMATIC S7-400 V6 and earlier CPU family",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "SIMATIC S7-400 V7 CPU family",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        }
      ],
      "datePublic": "2016-12-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 V6 and earlier CPU family (All versions), SIMATIC S7-400 V7 CPU family (All versions). Specially crafted packets sent to port 80/tcp could cause the affected devices to go into defect mode. A cold restart is required to recover the system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-10T19:16:14",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "name": "94820",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94820"
        },
        {
          "name": "1037434",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037434"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-348-05"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-731239.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2016-9158",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SIMATIC S7-300 CPU family",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC S7-400 V6 and earlier CPU family",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC S7-400 V7 CPU family",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens AG"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 V6 and earlier CPU family (All versions), SIMATIC S7-400 V7 CPU family (All versions). Specially crafted packets sent to port 80/tcp could cause the affected devices to go into defect mode. A cold restart is required to recover the system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20: Improper Input Validation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "94820",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94820"
            },
            {
              "name": "1037434",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037434"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-348-05",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-348-05"
            },
            {
              "name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdf",
              "refsource": "CONFIRM",
              "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdf"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-731239.pdf",
              "refsource": "MISC",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-731239.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2016-9158",
    "datePublished": "2016-12-17T03:34:00",
    "dateReserved": "2016-11-03T00:00:00",
    "dateUpdated": "2024-08-06T02:42:10.987Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2020-09-09 19:15
Modified
2024-11-21 05:06
Severity ?
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions), SINUMERIK 840D sl (All versions). The authentication protocol between a client and a PLC via port 102/tcp (ISO-TSAP) insufficiently protects the transmitted password. This could allow an attacker that is able to intercept the network traffic to obtain valid PLC credentials.
References
productcert@siemens.comhttps://cert-portal.siemens.com/productcert/pdf/ssa-381684.pdfVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://cert-portal.siemens.com/productcert/pdf/ssa-381684.pdfVendor Advisory
Impacted products
Vendor Product Version
siemens simatic_s7-300_cpu_312_firmware *
siemens simatic_s7-300_cpu_312 -
siemens simatic_s7-300_cpu_314_firmware *
siemens simatic_s7-300_cpu_314 -
siemens simatic_s7-300_cpu_315-2_dp_firmware *
siemens simatic_s7-300_cpu_315-2_dp -
siemens simatic_s7-300_cpu_315-2_pn_firmware *
siemens simatic_s7-300_cpu_315-2_pn -
siemens simatic_s7-300_cpu_317-2_pn_firmware *
siemens simatic_s7-300_cpu_317-2_pn -
siemens simatic_s7-300_cpu_317-2_dp_firmware *
siemens simatic_s7-300_cpu_317-2_dp -
siemens simatic_s7-300_cpu_315f-2_dp_firmware *
siemens simatic_s7-300_cpu_315f-2_dp -
siemens simatic_s7-300_cpu_315f-2_pn_firmware *
siemens simatic_s7-300_cpu_315f-2_pn -
siemens simatic_s7-300_cpu_317f-2_pn_firmware *
siemens simatic_s7-300_cpu_317f-2_pn -
siemens simatic_s7-300_cpu_317f-2_dp_firmware *
siemens simatic_s7-300_cpu_317f-2_dp -
siemens simatic_s7-400_cpu_412_firmware *
siemens simatic_s7-400_cpu_412 -
siemens simatic_s7-400_cpu_414_firmware *
siemens simatic_s7-400_cpu_414 -
siemens simatic_s7-400_cpu_416_firmware *
siemens simatic_s7-400_cpu_416 -
siemens simatic_s7-400_cpu_417_firmware *
siemens simatic_s7-400_cpu_417 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_312_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6EF8A28-8B05-46C2-911F-37AE46E04743",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_312:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FB328F8-3E03-440B-AB5C-ADA1D4F07F0E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_314_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDD1105D-F909-4383-8490-66891609FDC7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_314:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "78399465-EED5-4EBD-A2E1-6FE0BD01EDB4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_315-2_dp_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "07DC9E02-9B48-496E-8656-68CFFD399F1B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_315-2_dp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8FD8E6D-0527-4215-B6F0-5824011433FB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_315-2_pn_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEC66966-6794-4A83-A425-4BC8911392B8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_315-2_pn:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F007420-6EF7-4ECF-9CBE-BABF39B3EE3F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_317-2_pn_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "581B9FCA-43EC-4BF3-B836-BBD9635EA8C9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_317-2_pn:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "40F856D9-7954-4EE1-B5DA-18DFE21069AE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_317-2_dp_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0B56C44-3148-4612-9543-9F96DF0142A6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_317-2_dp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7593F136-F558-4C3D-8429-5141A621981B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_315f-2_dp_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D67C040-2D94-4872-98F9-B4B08290DD03",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_315f-2_dp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD7AE84F-1476-4E2C-9E2B-0EDAEFE9EDA7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_315f-2_pn_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "694D542E-3E4F-4B6B-BD87-11EDD6C60527",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_315f-2_pn:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "50798314-D77E-48C9-B608-0F7A72C88138",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_317f-2_pn_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD47DCD2-068E-43E0-AEF8-71E9941FA816",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_317f-2_pn:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2713CAFF-4B49-48DF-A475-02D280927113",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_317f-2_dp_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7F1F77B-37E4-4929-BA60-C631067BE843",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_317f-2_dp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B30FDCBC-62BC-43AC-BC92-A44D79525215",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_s7-400_cpu_412_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D74D138-6C3A-4E20-9B29-6C9A573A6D32",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-400_cpu_412:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD7BD15E-6FB2-489A-A48B-C80021029AE5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_s7-400_cpu_414_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "33B29F2B-AC3D-49CE-9573-DCAB9169EA61",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-400_cpu_414:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE95DD6B-F615-47E5-A028-DE6DA7B32B16",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_s7-400_cpu_416_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "50F9C422-E902-4890-9CED-3213E696ABE8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-400_cpu_416:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D439724-FC4C-4006-BB0C-0DBEA89693A2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_s7-400_cpu_417_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "26FB5714-01AF-4E98-84E9-56FF70DBB412",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-400_cpu_417:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA54AD7F-9D9D-479B-9E67-20378AB8E5A6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions), SINUMERIK 840D sl (All versions). The authentication protocol between a client and a PLC via port 102/tcp (ISO-TSAP) insufficiently protects the transmitted password. This could allow an attacker that is able to intercept the network traffic to obtain valid PLC credentials."
    },
    {
      "lang": "es",
      "value": "Se ha identificado una vulnerabilidad en la familia de SIMATIC S7-300 CPU (incluyendo las CPU ET200 relacionadas y las variantes SIPLUS) (Todas las versiones), familia SIMATIC S7-400 CPU (incluyendo las variantes SIPLUS) (Todas las versiones), SIMATIC WinAC RTX (F) 2010 (Todas las versiones), SINUMERIK 840D sl (Todas las versiones). El protocolo de autenticaci\u00f3n entre un cliente y un PLC por medio del puerto 102/tcp (ISO-TSAP) no protege suficientemente la contrase\u00f1a transmitida. Esto podr\u00eda permitir a un atacante que pueda interceptar el tr\u00e1fico de red obtener credenciales del PLC v\u00e1lidas"
    }
  ],
  "id": "CVE-2020-15791",
  "lastModified": "2024-11-21T05:06:11.270",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 3.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-09-09T19:15:20.663",
  "references": [
    {
      "source": "productcert@siemens.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-381684.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-381684.pdf"
    }
  ],
  "sourceIdentifier": "productcert@siemens.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-522"
        }
      ],
      "source": "productcert@siemens.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-522"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-12-17 03:59
Modified
2024-11-21 03:00
Severity ?
5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 V6 and earlier CPU family (All versions), SIMATIC S7-400 V7 CPU family (All versions), SIMATIC S7-410 V8 CPU family (All versions), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions). An attacker with network access to port 102/tcp (ISO-TSAP) or via Profibus could obtain credentials from the PLC if protection-level 2 is configured on the affected devices.
References
productcert@siemens.comhttp://www.securityfocus.com/bid/94820
productcert@siemens.comhttp://www.securitytracker.com/id/1037434
productcert@siemens.comhttps://cert-portal.siemens.com/productcert/pdf/ssa-731239.pdf
productcert@siemens.comhttps://ics-cert.us-cert.gov/advisories/ICSA-16-348-05
productcert@siemens.comhttps://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdf
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/94820
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1037434
af854a3a-2127-422b-91ae-364da2661108https://cert-portal.siemens.com/productcert/pdf/ssa-731239.pdf
af854a3a-2127-422b-91ae-364da2661108https://ics-cert.us-cert.gov/advisories/ICSA-16-348-05
af854a3a-2127-422b-91ae-364da2661108https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdf
Impacted products
Vendor Product Version
siemens simatic_s7-300_cpu_firmware -
siemens simatic_s7-300_cpu_312 -
siemens simatic_s7-300_cpu_314 -
siemens simatic_s7-300_cpu_315-2_dp -
siemens simatic_s7-300_cpu_315-2_pn\/dp -
siemens simatic_s7-300_cpu_317-_2_dp -
siemens simatic_s7-300_cpu_317-2_pn\/dp -
siemens simatic_s7-300_cpu_319-3_pn\/dp -
siemens simatic_s7-400_cpu_firmware -
siemens simatic_s7-400_cpu_412-1 -
siemens simatic_s7-400_cpu_412-2 -
siemens simatic_s7-400_cpu_412-2_pn -
siemens simatic_s7-400_cpu_414-2 -
siemens simatic_s7-400_cpu_414-3 -
siemens simatic_s7-400_cpu_414-3_pn\/dp -
siemens simatic_s7-400_cpu_416-2 -
siemens simatic_s7-400_cpu_416-3 -
siemens simatic_s7-400_cpu_416-3_pn\/dp -
siemens simatic_s7-400_cpu_416f-2 -
siemens simatic_s7-400_cpu_416f-3_pn\/dp -
siemens simatic_s7-400_cpu_417-4 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "76189399-9032-4695-A976-8415E26B0DB8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_312:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FB328F8-3E03-440B-AB5C-ADA1D4F07F0E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_314:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "78399465-EED5-4EBD-A2E1-6FE0BD01EDB4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_315-2_dp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8FD8E6D-0527-4215-B6F0-5824011433FB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_315-2_pn\\/dp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A773F92D-E5C0-4B51-8214-19BFE6BC7638",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_317-_2_dp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3C5065F-C0B9-4427-A9D2-072AFF3FCA69",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_317-2_pn\\/dp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A340DA65-BA46-4F72-8951-93135F9F6602",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_319-3_pn\\/dp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7167E5B0-D278-4F63-B5CD-39DBDF336089",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_s7-400_cpu_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6EBD5F0-16A6-466B-80E5-B95DDBDE2FA3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-400_cpu_412-1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6498C679-46A3-4F87-9278-F64D2194E1F5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-400_cpu_412-2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85F8C306-45F5-429B-B932-0278A9B909B7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-400_cpu_412-2_pn:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0E162F8-B37A-4FFA-A523-FA6227372D37",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-400_cpu_414-2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CD1CA5C-F729-4311-9E78-156BB6DE31A7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-400_cpu_414-3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "20E69856-A628-4B9D-9184-7FB9A924193E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-400_cpu_414-3_pn\\/dp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1EC8F19-313A-4C74-A68A-AAC320B123CE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-400_cpu_416-2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "195259DF-8ABE-47A9-9A13-6BDAA25AA898",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-400_cpu_416-3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3412299F-5778-4290-A80C-29BC6F46F701",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-400_cpu_416-3_pn\\/dp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC41E925-88AF-4D33-AC49-CE5FEAAF2105",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-400_cpu_416f-2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "61363AEF-CBDB-4405-A605-4997798D38D8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-400_cpu_416f-3_pn\\/dp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CFC71AB-3ACF-4E7E-B83E-31E02DEBDA48",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-400_cpu_417-4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "711A91B2-EB16-418B-AA63-56DFD40075D7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 V6 and earlier CPU family (All versions), SIMATIC S7-400 V7 CPU family (All versions), SIMATIC S7-410 V8 CPU family (All versions), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions). An attacker with network access to port 102/tcp (ISO-TSAP) or via Profibus could obtain credentials from the PLC if protection-level 2 is configured on the affected devices."
    },
    {
      "lang": "es",
      "value": "Se ha identificado una vulnerabilidad en la familia de CPU SIMATIC S7-300 (todas las versiones), la familia de CPU SIMATIC S7-300 (incluidas las CPU ET200 relacionadas y las variantes SIPLUS) (todas las versiones), SIMATIC S7-400 PN / DP V6 y familias de CPU inferiores (incl. variantes SIPLUS) (todas las versiones), familia de CPU SIMATIC S7-400 PN / DP V7 (incl. variantes SIPLUS) (todas las versiones), SIMATIC S7-400 V6 y familia de CPU anterior (todas las versiones), SIMATIC S7-400 Familia de CPU V7 (todas las versiones), familia de CPU SIMATIC S7-410 V8 (todas las versiones), familia de CPU SIMATIC S7-410 V8 (incluidas las variantes SIPLUS) (todas las versiones). Un atacante con acceso de red al puerto 102 / tcp (ISO-TSAP) o a trav\u00e9s de Profibus podr\u00eda obtener credenciales del PLC si el nivel de protecci\u00f3n 2 est\u00e1 configurado en los dispositivos afectados."
    }
  ],
  "id": "CVE-2016-9159",
  "lastModified": "2024-11-21T03:00:43.270",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-12-17T03:59:00.233",
  "references": [
    {
      "source": "productcert@siemens.com",
      "url": "http://www.securityfocus.com/bid/94820"
    },
    {
      "source": "productcert@siemens.com",
      "url": "http://www.securitytracker.com/id/1037434"
    },
    {
      "source": "productcert@siemens.com",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-731239.pdf"
    },
    {
      "source": "productcert@siemens.com",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-348-05"
    },
    {
      "source": "productcert@siemens.com",
      "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/94820"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1037434"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-731239.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-348-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdf"
    }
  ],
  "sourceIdentifier": "productcert@siemens.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "productcert@siemens.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-12-17 03:59
Modified
2024-11-21 03:00
Severity ?
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 V6 and earlier CPU family (All versions), SIMATIC S7-400 V7 CPU family (All versions). Specially crafted packets sent to port 80/tcp could cause the affected devices to go into defect mode. A cold restart is required to recover the system.
References
productcert@siemens.comhttp://www.securityfocus.com/bid/94820
productcert@siemens.comhttp://www.securitytracker.com/id/1037434
productcert@siemens.comhttps://cert-portal.siemens.com/productcert/pdf/ssa-731239.pdf
productcert@siemens.comhttps://ics-cert.us-cert.gov/advisories/ICSA-16-348-05
productcert@siemens.comhttps://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdf
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/94820
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1037434
af854a3a-2127-422b-91ae-364da2661108https://cert-portal.siemens.com/productcert/pdf/ssa-731239.pdf
af854a3a-2127-422b-91ae-364da2661108https://ics-cert.us-cert.gov/advisories/ICSA-16-348-05
af854a3a-2127-422b-91ae-364da2661108https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdf
Impacted products
Vendor Product Version
siemens simatic_s7-300_cpu_firmware -
siemens simatic_s7-300_cpu_312 -
siemens simatic_s7-300_cpu_314 -
siemens simatic_s7-300_cpu_315-2_dp -
siemens simatic_s7-300_cpu_315-2_pn\/dp -
siemens simatic_s7-300_cpu_317-_2_dp -
siemens simatic_s7-300_cpu_317-2_pn\/dp -
siemens simatic_s7-300_cpu_319-3_pn\/dp -
siemens simatic_s7-400_cpu_firmware -
siemens simatic_s7-400_cpu_412-1 -
siemens simatic_s7-400_cpu_412-2 -
siemens simatic_s7-400_cpu_412-2_pn -
siemens simatic_s7-400_cpu_414-2 -
siemens simatic_s7-400_cpu_414-3 -
siemens simatic_s7-400_cpu_414-3_pn\/dp -
siemens simatic_s7-400_cpu_416-2 -
siemens simatic_s7-400_cpu_416-3 -
siemens simatic_s7-400_cpu_416-3_pn\/dp -
siemens simatic_s7-400_cpu_416f-2 -
siemens simatic_s7-400_cpu_416f-3_pn\/dp -
siemens simatic_s7-400_cpu_417-4 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "76189399-9032-4695-A976-8415E26B0DB8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_312:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FB328F8-3E03-440B-AB5C-ADA1D4F07F0E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_314:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "78399465-EED5-4EBD-A2E1-6FE0BD01EDB4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_315-2_dp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8FD8E6D-0527-4215-B6F0-5824011433FB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_315-2_pn\\/dp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A773F92D-E5C0-4B51-8214-19BFE6BC7638",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_317-_2_dp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3C5065F-C0B9-4427-A9D2-072AFF3FCA69",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_317-2_pn\\/dp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A340DA65-BA46-4F72-8951-93135F9F6602",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_319-3_pn\\/dp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7167E5B0-D278-4F63-B5CD-39DBDF336089",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_s7-400_cpu_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6EBD5F0-16A6-466B-80E5-B95DDBDE2FA3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-400_cpu_412-1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6498C679-46A3-4F87-9278-F64D2194E1F5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-400_cpu_412-2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85F8C306-45F5-429B-B932-0278A9B909B7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-400_cpu_412-2_pn:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0E162F8-B37A-4FFA-A523-FA6227372D37",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-400_cpu_414-2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CD1CA5C-F729-4311-9E78-156BB6DE31A7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-400_cpu_414-3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "20E69856-A628-4B9D-9184-7FB9A924193E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-400_cpu_414-3_pn\\/dp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1EC8F19-313A-4C74-A68A-AAC320B123CE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-400_cpu_416-2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "195259DF-8ABE-47A9-9A13-6BDAA25AA898",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-400_cpu_416-3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3412299F-5778-4290-A80C-29BC6F46F701",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-400_cpu_416-3_pn\\/dp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC41E925-88AF-4D33-AC49-CE5FEAAF2105",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-400_cpu_416f-2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "61363AEF-CBDB-4405-A605-4997798D38D8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-400_cpu_416f-3_pn\\/dp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CFC71AB-3ACF-4E7E-B83E-31E02DEBDA48",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-400_cpu_417-4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "711A91B2-EB16-418B-AA63-56DFD40075D7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 V6 and earlier CPU family (All versions), SIMATIC S7-400 V7 CPU family (All versions). Specially crafted packets sent to port 80/tcp could cause the affected devices to go into defect mode. A cold restart is required to recover the system."
    },
    {
      "lang": "es",
      "value": "Se ha identificado una vulnerabilidad en la familia de CPU SIMATIC S7-300 (todas las versiones), la familia de CPU SIMATIC S7-300 (incluidas las CPU ET200 relacionadas y las variantes SIPLUS) (todas las versiones), SIMATIC S7-400 PN / DP V6 y familias de CPU inferiores (incl. variantes SIPLUS) (todas las versiones), familia de CPU SIMATIC S7-400 PN / DP V7 (incl. variantes SIPLUS) (todas las versiones), SIMATIC S7-400 V6 y familia de CPU anterior (todas las versiones), SIMATIC S7-400 Familia de CPU V7 (todas las versiones). Los paquetes especialmente dise\u00f1ados enviados al puerto 80 / tcp podr\u00edan hacer que los dispositivos afectados entren en modo defectuoso. Se requiere un reinicio en fr\u00edo para recuperar el sistema."
    }
  ],
  "id": "CVE-2016-9158",
  "lastModified": "2024-11-21T03:00:43.150",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-12-17T03:59:00.187",
  "references": [
    {
      "source": "productcert@siemens.com",
      "url": "http://www.securityfocus.com/bid/94820"
    },
    {
      "source": "productcert@siemens.com",
      "url": "http://www.securitytracker.com/id/1037434"
    },
    {
      "source": "productcert@siemens.com",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-731239.pdf"
    },
    {
      "source": "productcert@siemens.com",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-348-05"
    },
    {
      "source": "productcert@siemens.com",
      "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/94820"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1037434"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-731239.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-348-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdf"
    }
  ],
  "sourceIdentifier": "productcert@siemens.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "productcert@siemens.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-11-12 20:15
Modified
2024-11-21 05:06
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC TDC CPU555 (All versions), SINUMERIK 840D sl (All versions). Sending multiple specially crafted packets to the affected devices could cause a Denial-of-Service on port 102. A cold restart is required to recover the service.
References
productcert@siemens.comhttps://cert-portal.siemens.com/productcert/pdf/ssa-492828.pdfMitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://cert-portal.siemens.com/productcert/pdf/ssa-492828.pdfMitigation, Vendor Advisory
Impacted products
Vendor Product Version
siemens sinumerik_840d_sl_firmware *
siemens sinumerik_840d_sl -
siemens simatic_s7-300_cpu_312_firmware *
siemens simatic_s7-300_cpu_312 -
siemens simatic_s7-300_cpu_314_firmware *
siemens simatic_s7-300_cpu_314 -
siemens simatic_s7-300_cpu_315-2_dp_firmware *
siemens simatic_s7-300_cpu_315-2_dp -
siemens simatic_s7-300_cpu_315-2_pn_firmware *
siemens simatic_s7-300_cpu_315-2_pn -
siemens simatic_s7-300_cpu_317-2_pn_firmware *
siemens simatic_s7-300_cpu_317-2_pn -
siemens simatic_s7-300_cpu_317-2_dp_firmware *
siemens simatic_s7-300_cpu_317-2_dp -
siemens simatic_s7-300_cpu_315f-2_dp_firmware *
siemens simatic_s7-300_cpu_315f-2_dp -
siemens simatic_s7-300_cpu_315f-2_pn_firmware *
siemens simatic_s7-300_cpu_315f-2_pn -
siemens simatic_s7-300_cpu_317f-2_pn_firmware *
siemens simatic_s7-300_cpu_317f-2_pn -
siemens simatic_s7-300_cpu_317f-2_dp_firmware *
siemens simatic_s7-300_cpu_317f-2_dp -
siemens simatic_tdc_cpu555_firmware *
siemens simatic_tdc_cpu555 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:sinumerik_840d_sl_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "07F5B314-ED39-4B8C-BF45-010BC1AB2F6C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:sinumerik_840d_sl:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "765286DF-07EC-4C7A-AB8C-09559CD977EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_312_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6EF8A28-8B05-46C2-911F-37AE46E04743",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_312:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FB328F8-3E03-440B-AB5C-ADA1D4F07F0E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_314_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDD1105D-F909-4383-8490-66891609FDC7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_314:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "78399465-EED5-4EBD-A2E1-6FE0BD01EDB4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_315-2_dp_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "07DC9E02-9B48-496E-8656-68CFFD399F1B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_315-2_dp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8FD8E6D-0527-4215-B6F0-5824011433FB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_315-2_pn_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEC66966-6794-4A83-A425-4BC8911392B8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_315-2_pn:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F007420-6EF7-4ECF-9CBE-BABF39B3EE3F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_317-2_pn_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "581B9FCA-43EC-4BF3-B836-BBD9635EA8C9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_317-2_pn:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "40F856D9-7954-4EE1-B5DA-18DFE21069AE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_317-2_dp_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0B56C44-3148-4612-9543-9F96DF0142A6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_317-2_dp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7593F136-F558-4C3D-8429-5141A621981B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_315f-2_dp_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D67C040-2D94-4872-98F9-B4B08290DD03",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_315f-2_dp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD7AE84F-1476-4E2C-9E2B-0EDAEFE9EDA7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_315f-2_pn_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "694D542E-3E4F-4B6B-BD87-11EDD6C60527",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_315f-2_pn:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "50798314-D77E-48C9-B608-0F7A72C88138",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_317f-2_pn_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD47DCD2-068E-43E0-AEF8-71E9941FA816",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_317f-2_pn:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2713CAFF-4B49-48DF-A475-02D280927113",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_317f-2_dp_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7F1F77B-37E4-4929-BA60-C631067BE843",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_317f-2_dp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B30FDCBC-62BC-43AC-BC92-A44D79525215",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_tdc_cpu555_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D9C7D4A-F989-4B01-8FFD-5B5859F42D43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_tdc_cpu555:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE6AB995-D67B-43E5-B8FF-97C38D20CB10",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC TDC CPU555 (All versions), SINUMERIK 840D sl (All versions). Sending multiple specially crafted packets to the affected devices could cause a Denial-of-Service on port 102. A cold restart is required to recover the service."
    },
    {
      "lang": "es",
      "value": "Se ha identificado una vulnerabilidad en la familia de CPUs SIMATIC S7-300 (incluidas las CPUs ET200 relacionadas y las variantes SIPLUS) (Todas las versiones), SIMATIC TDC CPU555 (Todas las versiones), SINUMERIK 840D sl (Todas las versiones). El env\u00edo de m\u00faltiples paquetes especialmente dise\u00f1ados a los dispositivos afectados podr\u00eda causar una denegaci\u00f3n de servicio en el puerto 102. Se requiere un reinicio en fr\u00edo para recuperar el servicio"
    }
  ],
  "id": "CVE-2020-15783",
  "lastModified": "2024-11-21T05:06:10.283",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-11-12T20:15:16.343",
  "references": [
    {
      "source": "productcert@siemens.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-492828.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-492828.pdf"
    }
  ],
  "sourceIdentifier": "productcert@siemens.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "productcert@siemens.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}