Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2020-15798

UNKNOWN
Published 2021-02-09T15:38:17
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2020-15798. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions < V16 Update 3a), SIMATIC HMI KTP Mobile Panels (All versions < V16 Update 3a), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). Affected devices with enabled telnet service do not require authentication for this service. This could allow a remote attacker to gain full access to the device. (ZDI-CAN-12046)

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Siemens

SIMATIC HMI Comfort Panels (incl. SIPLUS variants)

Affected Versions:

All versions < V16 Update 3a
Siemens

SIMATIC HMI KTP Mobile Panels

Affected Versions:

All versions < V16 Update 3a
Siemens

SINAMICS GH150

Affected Versions:

All versions
Siemens

SINAMICS GL150 (with option X30)

Affected Versions:

All versions
Siemens

SINAMICS GM150 (with option X30)

Affected Versions:

All versions
Siemens

SINAMICS SH150

Affected Versions:

All versions
Siemens

SINAMICS SL150

Affected Versions:

All versions
Siemens

SINAMICS SM120

Affected Versions:

All versions
Siemens

SINAMICS SM150

Affected Versions:

All versions
Siemens

SINAMICS SM150i

Affected Versions:

All versions

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed CRITICAL

GHSA-p3v5-8v5r-qgp2

Advisory Details

A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions < V16 Update 3a), SIMATIC HMI KTP Mobile Panels (All versions < V16 Update 3a). Affected devices with enabled telnet service do not require authentication for this service. This could allow a remote attacker to gain full access to the device. (ZDI-CAN-12046)

CVSS Scoring

CVSS Score

9.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2020-15798
WEB https://cert-portal.siemens.com/productcert/pdf/ssa-520004.pdf
WEB https://cert-portal.siemens.com/productcert/pdf/ssa-752103.pdf
WEB https://us-cert.cisa.gov/ics/advisories/icsa-21-033-02

Advisory provided by GitHub Security Advisory Database. Published: May 24, 2022, Modified: October 20, 2022

References

https://cert-portal.siemens.com/productcert/pdf/ssa-520004.pdf
https://us-cert.cisa.gov/ics/advisories/icsa-21-033-02
https://cert-portal.siemens.com/productcert/pdf/ssa-752103.pdf
Published: 2021-02-09T15:38:17
Last Modified: 2024-08-04T13:30:21.706Z
Copied to clipboard!