var-202108-2236
Vulnerability from variot
A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7 PLCSIM Advanced (All versions > V2 < V4), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (Version V4.4), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions > V2.5 < V2.9.2), SIMATIC S7-1500 Software Controller (All versions > V2.5 < V21.9), TIM 1531 IRC (incl. SIPLUS NET variants) (Version V2.1). Due to an incorrect authorization check in the affected component, an attacker could extract information about access protected PLC program variables over port 102/tcp from an affected device when reading multiple attributes at once. Multiple Siemens products contain fraudulent authentication vulnerabilities.Information may be obtained. Siemens SIMATIC S7-1500 CPU and SIMATIC S7-1500 are the products of Germany Siemens (Siemens) company. The SIMATIC S7-1500 CPU is a CPU (Central Processing Unit) module. The SIMATIC S7-1500 is a programmable logic controller. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202108-2236",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "siplus cpu 1518f-4 pn\\/dp",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.9.2"
},
{
"model": "cpu 1515-2",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.9.2"
},
{
"model": "siplus cpu-1516f-3 pn\\/dp",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.9.2"
},
{
"model": "cpu 1507d tf",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.9.2"
},
{
"model": "cpu 1516pro-2 pn",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.9.2"
},
{
"model": "cpu 1515-2",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.5"
},
{
"model": "cpu 1515f-2",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.9.2"
},
{
"model": "siplus cpu 1518-4 pn\\/dp",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.9.2"
},
{
"model": "cpu 1517f-3 pn\\/dp",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.9.2"
},
{
"model": "cpu 1510sp-1pn",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.5"
},
{
"model": "cpu 1215c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.4"
},
{
"model": "cpu 1515t-2 pn",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.5"
},
{
"model": "cpu 1511tf-1pn",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.5"
},
{
"model": "cpu 1212c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.4"
},
{
"model": "cpu 1217c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.4"
},
{
"model": "cpu 1215fc",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.4"
},
{
"model": "siplus cpu 1513f-1 pn",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.9.2"
},
{
"model": "siplus cpu 1513-1 pn",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.9.2"
},
{
"model": "siplus cpu 1511f-1 pn",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.5"
},
{
"model": "cpu 1517tf-3 pn\\/dp",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.5"
},
{
"model": "siplus cpu 1512sp f-1pn",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.9.2"
},
{
"model": "cpu 1516tf-3 pn\\/dp",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.5"
},
{
"model": "cpu 1513pro f-2 pn",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.5"
},
{
"model": "cpu 1515r-2 pn",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.5"
},
{
"model": "cpu 1512sp-1 pn",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.5"
},
{
"model": "cpu 1516t-3 pn\\/dp",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.5"
},
{
"model": "siplus cpu 1512sp f-1pn",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.5"
},
{
"model": "siplus cpu 1516-3 pn\\/dp",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.9.2"
},
{
"model": "cpu 1212fc",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.4"
},
{
"model": "cpu 1515tf-2 pn",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.9.2"
},
{
"model": "cpu 1511c-1 pn",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.5"
},
{
"model": "cpu 1211c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.4"
},
{
"model": "siplus cpu 1511-1 pn",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.5"
},
{
"model": "cpu 1513-1 pn",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.9.2"
},
{
"model": "cpu 1516f-3",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.9.2."
},
{
"model": "siplus cpu 1516-3 pn\\/dp",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.5"
},
{
"model": "cpu 1511-1pn",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.9.2"
},
{
"model": "simatic s7-1500 software controller",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "21.9"
},
{
"model": "cpu 1516-3",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.5"
},
{
"model": "cpu 1516pro f-2 pn",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.5"
},
{
"model": "cpu 1517t-3 pn\\/dp",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.5"
},
{
"model": "cpu 1512sp f-1 pn",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.5"
},
{
"model": "cpu 1517-3 pn\\/dp",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.9.2"
},
{
"model": "cpu1510sp f-1",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.5"
},
{
"model": "cpu 1513r-1 pn",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.9.2"
},
{
"model": "cpu 1511t-1pn",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.9.2"
},
{
"model": "cpu 1214fc",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.4"
},
{
"model": "cpu 1214c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.4"
},
{
"model": "cpu 1512c-1 pn",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.5"
},
{
"model": "siplus cpu 1518f-4 pn\\/dp",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.5"
},
{
"model": "cpu 1517t-3 pn\\/dp",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.9.2"
},
{
"model": "cpu 1516pro f-2 pn",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.9.2"
},
{
"model": "tim 1531 irc",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2.1"
},
{
"model": "siplus cpu-1516f-3 pn\\/dp",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.5"
},
{
"model": "cpu 1510sp-1pn",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.9.2"
},
{
"model": "siplus cpu 1512sp-1 pn",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.9.2"
},
{
"model": "cpu 1516pro-2 pn",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.5"
},
{
"model": "cpu 1518f-4 pn\\/dp",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.9.2"
},
{
"model": "cpu 1518f-4 pn\\/dp",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.5"
},
{
"model": "simatic s7-1500 software controller",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.5"
},
{
"model": "simatic s7 plcsim advanced",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.0"
},
{
"model": "siplus cpu 1512sp-1 pn",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.5"
},
{
"model": "cpu 1517f-3 pn\\/dp",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.5"
},
{
"model": "cpu 1504d tf",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.9.2"
},
{
"model": "simatic s7 plcsim advanced",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.0"
},
{
"model": "cpu 1515t-2 pn",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.9.2"
},
{
"model": "cpu 1515sp pc2 tf",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "21.9"
},
{
"model": "cpu 1511tf-1pn",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.9.2"
},
{
"model": "cpu 1513f-1 pn",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.5"
},
{
"model": "cpu 1516f-3",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.5"
},
{
"model": "siplus cpu 1513-1 pn",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.5"
},
{
"model": "siplus cpu 1513f-1 pn",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.5"
},
{
"model": "cpu 1511f-1pn",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.9.2"
},
{
"model": "siplus cpu 1510sp f-1pn",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.5"
},
{
"model": "cpu 1511f-1pn",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.5"
},
{
"model": "cpu 1513f-1 pn",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.9.2"
},
{
"model": "siplus cpu 1511f-1 pn",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.9.2"
},
{
"model": "cpu 1517tf-3 pn\\/dp",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.9.2"
},
{
"model": "siplus cpu 1510sp f-1pn",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.9.2"
},
{
"model": "cpu 1513pro f-2 pn",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.9.2"
},
{
"model": "cpu 1515r-2 pn",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.9.2"
},
{
"model": "cpu 1512sp-1 pn",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.9.2"
},
{
"model": "cpu 1516t-3 pn\\/dp",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.9.2"
},
{
"model": "cpu 1515tf-2 pn",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.5"
},
{
"model": "cpu 1518-4 pn\\/dp",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.9.2"
},
{
"model": "cpu 1518-4 pn\\/dp",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.5"
},
{
"model": "cpu 1511-1pn",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.5"
},
{
"model": "cpu 1511c-1 pn",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.9.2"
},
{
"model": "siplus cpu 1511-1 pn",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.9.2"
},
{
"model": "cpu 1516tf-3 pn\\/dp",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.9.2"
},
{
"model": "cpu 1512c-1 pn",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.9.2"
},
{
"model": "cpu 1517-3 pn\\/dp",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.5"
},
{
"model": "cpu 1516-3",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.9.2"
},
{
"model": "cpu 1513-1 pn",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.5"
},
{
"model": "cpu 1512sp f-1 pn",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.9.2"
},
{
"model": "cpu 1513r-1 pn",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.5"
},
{
"model": "cpu 1511t-1pn",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.5"
},
{
"model": "cpu1510sp f-1",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.9.2"
},
{
"model": "cpu 1515f-2",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.5"
},
{
"model": "siplus cpu 1518-4 pn\\/dp",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.5"
},
{
"model": "tim 1531 irc",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "cpu 1504d tf",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic s7-plcsim advanced",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "cpu 1507d tf",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic drive controller family",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.9.2"
},
{
"model": "simatic et 200sp open controller cpu 1515sp pc2",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic s7 plcsim advanced",
"scope": "gt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2,\u003cv4"
},
{
"model": "simatic s7-1200 cpu family",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.4"
},
{
"model": "simatic s7-1500 cpu family",
"scope": "gt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.5,\u003cv2.9.2"
},
{
"model": "simatic s7-1500 software controller",
"scope": "gt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.5"
},
{
"model": "tim irc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "1531v2.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-61122"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010547"
},
{
"db": "NVD",
"id": "CVE-2020-28397"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens reported this vulnerability to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-879"
}
],
"trust": 0.6
},
"cve": "CVE-2020-28397",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-28397",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-61122",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2020-28397",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2020-28397",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-28397",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-28397",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2021-61122",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202108-879",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-28397",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-61122"
},
{
"db": "VULMON",
"id": "CVE-2020-28397"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010547"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-879"
},
{
"db": "NVD",
"id": "CVE-2020-28397"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in SIMATIC Drive Controller family (All versions \u003c V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions \u003c V21.9), SIMATIC S7 PLCSIM Advanced (All versions \u003e V2 \u003c V4), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (Version V4.4), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions \u003e V2.5 \u003c V2.9.2), SIMATIC S7-1500 Software Controller (All versions \u003e V2.5 \u003c V21.9), TIM 1531 IRC (incl. SIPLUS NET variants) (Version V2.1). Due to an incorrect authorization check in the affected component, an attacker could extract information about access protected PLC program variables over port 102/tcp from an affected device when reading multiple attributes at once. Multiple Siemens products contain fraudulent authentication vulnerabilities.Information may be obtained. Siemens SIMATIC S7-1500 CPU and SIMATIC S7-1500 are the products of Germany Siemens (Siemens) company. The SIMATIC S7-1500 CPU is a CPU (Central Processing Unit) module. The SIMATIC S7-1500 is a programmable logic controller. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-28397"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010547"
},
{
"db": "CNVD",
"id": "CNVD-2021-61122"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2020-28397"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-28397",
"trust": 3.9
},
{
"db": "SIEMENS",
"id": "SSA-865327",
"trust": 2.3
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010547",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-61122",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-21-257-23",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021081110",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202108-879",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-28397",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-61122"
},
{
"db": "VULMON",
"id": "CVE-2020-28397"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010547"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-879"
},
{
"db": "NVD",
"id": "CVE-2020-28397"
}
]
},
"id": "VAR-202108-2236",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-61122"
}
],
"trust": 1.4032859711111112
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-61122"
}
]
},
"last_update_date": "2024-08-14T12:40:19.181000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-865327",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-865327.pdf"
},
{
"title": "Patch for Siemens SIMATIC S7-1500 CPU and SIMATIC S7-1500 Improper Authorization Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/285461"
},
{
"title": "Siemens SIMATIC S7-1500 CPU and SIMATIC S7-1500 Remediation measures for authorization problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=159714"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=9cd5926ec23281f7dbb4df33b5aa9ff5"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-61122"
},
{
"db": "VULMON",
"id": "CVE-2020-28397"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010547"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-879"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-863",
"trust": 1.0
},
{
"problemtype": "Illegal authentication (CWE-863) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-010547"
},
{
"db": "NVD",
"id": "CVE-2020-28397"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-865327.pdf"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28397"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-257-23"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/simatic-information-disclosure-via-incorrect-authorization-check-36091"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021081110"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/863.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-865327.txt"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-61122"
},
{
"db": "VULMON",
"id": "CVE-2020-28397"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010547"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-879"
},
{
"db": "NVD",
"id": "CVE-2020-28397"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-61122"
},
{
"db": "VULMON",
"id": "CVE-2020-28397"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010547"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-879"
},
{
"db": "NVD",
"id": "CVE-2020-28397"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-61122"
},
{
"date": "2021-08-10T00:00:00",
"db": "VULMON",
"id": "CVE-2020-28397"
},
{
"date": "2022-07-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-010547"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-08-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-879"
},
{
"date": "2021-08-10T11:15:07.423000",
"db": "NVD",
"id": "CVE-2020-28397"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-61122"
},
{
"date": "2021-08-20T00:00:00",
"db": "VULMON",
"id": "CVE-2020-28397"
},
{
"date": "2022-07-05T02:10:00",
"db": "JVNDB",
"id": "JVNDB-2021-010547"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-09-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-879"
},
{
"date": "2021-12-10T19:57:38.487000",
"db": "NVD",
"id": "CVE-2020-28397"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-879"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fraudulent authentication vulnerabilities in multiple Siemens products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-010547"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.