CVE-2020-15791
MEDIUM
6.5
CVSS Severity Score
Vulnerability Description
A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions), SINUMERIK 840D sl (All versions). The authentication protocol between a client and a PLC via port 102/tcp (ISO-TSAP) insufficiently protects the transmitted password. This could allow an attacker that is able to intercept the network traffic to obtain valid PLC credentials.
Affected Platforms (CPE)
💻
Siemens
Simatic S7 300 Cpu 312 Firmware
All versions💻
Siemens
Simatic S7 300 Cpu 314 Firmware
All versions💻
Siemens
Simatic S7 300 Cpu 315 2 Dp Firmware
All versions💻
Siemens
Simatic S7 300 Cpu 315 2 Pn Firmware
All versions💻
Siemens
Simatic S7 300 Cpu 317 2 Pn Firmware
All versions💻
Siemens
Simatic S7 300 Cpu 317 2 Dp Firmware
All versions💻
Siemens
Simatic S7 300 Cpu 315f 2 Dp Firmware
All versions💻
Siemens
Simatic S7 300 Cpu 315f 2 Pn Firmware
All versions💻
Siemens
Simatic S7 300 Cpu 317f 2 Pn Firmware
All versions💻
Siemens
Simatic S7 300 Cpu 317f 2 Dp Firmware
All versions💻
Siemens
Simatic S7 400 Cpu 412 Firmware
All versions💻
Siemens
Simatic S7 400 Cpu 414 Firmware
All versions💻
Siemens
Simatic S7 400 Cpu 416 Firmware
All versions💻
Siemens