Vulnerability Details CVE-2013-6920
Siemens SINAMICS S/G controllers with firmware before 4.6.11 do not require authentication for FTP and TELNET sessions, which allows remote attackers to bypass intended access restrictions via TCP traffic to port (1) 21 or (2) 23.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.018
EPSS Ranking 81.8%
CVSS Severity
CVSS v2 Score 10.0
References
- http://ics-cert.us-cert.gov/advisories/ICSA-13-338-01
- http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-742938.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-742938.pdf
- http://ics-cert.us-cert.gov/advisories/ICSA-13-338-01
- http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-742938.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-742938.pdf
Products affected by CVE-2013-6920
-
cpe:2.3:h:siemens:sinamics_g110:-
-
cpe:2.3:h:siemens:sinamics_g110d:-
-
cpe:2.3:h:siemens:sinamics_g120:-
-
cpe:2.3:h:siemens:sinamics_g120c:-
-
cpe:2.3:h:siemens:sinamics_g120d:-
-
cpe:2.3:h:siemens:sinamics_g120p:-
-
cpe:2.3:h:siemens:sinamics_g130:-
-
cpe:2.3:h:siemens:sinamics_g150:-
-
cpe:2.3:h:siemens:sinamics_g180:-
-
cpe:2.3:h:siemens:sinamics_s110:-
-
cpe:2.3:h:siemens:sinamics_s120:-
-
cpe:2.3:h:siemens:sinamics_s120cm:-
-
cpe:2.3:h:siemens:sinamics_s150:-
-
cpe:2.3:o:siemens:sinamics_s/g_family_firmware:4.6