Vulnerability Details CVE-2020-15782
A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions < V21.9), SIMATIC S7-PLCSIM Advanced (All versions < V4.0), SINAMICS PERFECT HARMONY GH180 Drives (Drives manufactured before 2021-08-13), SINUMERIK MC (All versions < V6.15), SINUMERIK ONE (All versions < V6.15). Affected devices are vulnerable to a memory protection bypass through a specific operation. A remote unauthenticated attacker with network access to port 102/tcp could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.4%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-434534.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-434535.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-434536.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-434534.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-434535.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-434536.pdf
Products affected by CVE-2020-15782
-
cpe:2.3:a:siemens:simatic_s7-1500__software_controller:-
-
cpe:2.3:a:siemens:simatic_s7-plcsim_advanced:-
-
cpe:2.3:a:siemens:simatic_s7-plcsim_advanced:2.0
-
cpe:2.3:h:siemens:6es7510-1dj01-0ab0:-
-
cpe:2.3:h:siemens:6es7510-1sj01-0ab0:-
-
cpe:2.3:h:siemens:6es7511-1ak01-0ab0:-
-
cpe:2.3:h:siemens:6es7511-1ak02-0ab0:-
-
cpe:2.3:h:siemens:6es7511-1ck00-0ab0:-
-
cpe:2.3:h:siemens:6es7511-1ck01-0ab0:-
-
cpe:2.3:h:siemens:6es7511-1fk01-0ab0:-
-
cpe:2.3:h:siemens:6es7511-1fk02-0ab0:-
-
cpe:2.3:h:siemens:6es7511-1tk01-0ab0:-
-
cpe:2.3:h:siemens:6es7511-1uk01-0ab0:-
-
cpe:2.3:h:siemens:6es7512-1ck00-0ab0:-
-
cpe:2.3:h:siemens:6es7512-1ck01-0ab0:-
-
cpe:2.3:h:siemens:6es7512-1dk01-0ab0:-
-
cpe:2.3:h:siemens:6es7512-1sk01-0ab0:-
-
cpe:2.3:h:siemens:6es7513-1al01-0ab0:-
-
cpe:2.3:h:siemens:6es7513-1al02-0ab0:-
-
cpe:2.3:h:siemens:6es7513-1fl01-0ab0:-
-
cpe:2.3:h:siemens:6es7513-1fl02-0ab0:-
-
cpe:2.3:h:siemens:6es7513-1rl00-0ab0:-
-
cpe:2.3:h:siemens:6es7513-2gl00-0ab0:-
-
cpe:2.3:h:siemens:6es7513-2pl00-0ab0:-
-
cpe:2.3:h:siemens:6es7515-2am01-0ab0:-
-
cpe:2.3:h:siemens:6es7515-2am02-0ab0:-
-
cpe:2.3:h:siemens:6es7515-2fm01-0ab0:-
-
cpe:2.3:h:siemens:6es7515-2fm02-0ab0:-
-
cpe:2.3:h:siemens:6es7515-2rm00-0ab0:-
-
cpe:2.3:h:siemens:6es7515-2tm01-0ab0:-
-
cpe:2.3:h:siemens:6es7515-2um01-0ab0:-
-
cpe:2.3:h:siemens:6es7516-2gn00-0ab0:-
-
cpe:2.3:h:siemens:6es7516-2pn00-0ab0:-
-
cpe:2.3:h:siemens:6es7516-3an01-0ab0:-
-
cpe:2.3:h:siemens:6es7516-3an02-0ab0:-
-
cpe:2.3:h:siemens:6es7516-3fn01-0ab0:-
-
cpe:2.3:h:siemens:6es7516-3fn02-0ab0:-
-
cpe:2.3:h:siemens:6es7516-3tn00-0ab0:-
-
cpe:2.3:h:siemens:6es7516-3un00-0ab0:-
-
cpe:2.3:h:siemens:6es7517-3ap00-0ab0:-
-
cpe:2.3:h:siemens:6es7517-3fp00-0ab0:-
-
cpe:2.3:h:siemens:6es7517-3hp00-0ab0:-
-
cpe:2.3:h:siemens:6es7517-3tp00-0ab0:-
-
cpe:2.3:h:siemens:6es7517-3up00-0ab0:-
-
cpe:2.3:h:siemens:6es7518-4ap00-0ab0:-
-
cpe:2.3:h:siemens:6es7518-4ap00-3ab0:-
-
cpe:2.3:h:siemens:6es7518-4fp00-0ab0:-
-
cpe:2.3:h:siemens:6es7518-4fp00-3ab0:-
-
cpe:2.3:h:siemens:cpu_1211c:-
-
cpe:2.3:h:siemens:cpu_1212c:-
-
cpe:2.3:h:siemens:cpu_1212fc:-
-
cpe:2.3:h:siemens:cpu_1214c:-
-
cpe:2.3:h:siemens:cpu_1214fc:-
-
cpe:2.3:h:siemens:cpu_1215c:-
-
cpe:2.3:h:siemens:cpu_1215fc:-
-
cpe:2.3:h:siemens:cpu_1217c:-
-
cpe:2.3:h:siemens:cpu_1504d_tf:-
-
cpe:2.3:h:siemens:cpu_1507d_tf:-
-
cpe:2.3:h:siemens:cpu_1515sp_pc2:-
-
cpe:2.3:h:siemens:cpu_1515sp_pc:-
-
cpe:2.3:o:siemens:et_200sp_open_controller_firmware:-
-
cpe:2.3:o:siemens:s7-1200_cpu_firmware:-
-
cpe:2.3:o:siemens:s7-1500_cpu_firmware:-
-
cpe:2.3:o:siemens:simatic_driver_controller_firmware:-