CVE-2020-28397 | ByteOS Network

Vulnerability Details :

CVE-2020-28397

Assigner-siemens

Assigner Org ID-cec7a2ec-15b4-4faf-bd53-b40f371f3a77

Published At-10 Aug, 2021 | 10:35

Updated At-04 Aug, 2024 | 16:33

A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7 PLCSIM Advanced (All versions > V2 < V4), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (Version V4.4), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions > V2.5 < V2.9.2), SIMATIC S7-1500 Software Controller (All versions > V2.5 < V21.9), TIM 1531 IRC (incl. SIPLUS NET variants) (Version V2.1). Due to an incorrect authorization check in the affected component, an attacker could extract information about access protected PLC program variables over port 102/tcp from an affected device when reading multiple attributes at once.

EPSS History

Score

Latest Score

-

N/A

Percentile

Latest Percentile

-

N/A

▼Common Vulnerabilities and Exposures (CVE)

Assigner:siemens

Assigner Org ID:cec7a2ec-15b4-4faf-bd53-b40f371f3a77

Published At:10 Aug, 2021 | 10:35

Updated At:04 Aug, 2024 | 16:33

▼CVE Numbering Authority (CNA)

A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7 PLCSIM Advanced (All versions > V2 < V4), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (Version V4.4), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions > V2.5 < V2.9.2), SIMATIC S7-1500 Software Controller (All versions > V2.5 < V21.9), TIM 1531 IRC (incl. SIPLUS NET variants) (Version V2.1). Due to an incorrect authorization check in the affected component, an attacker could extract information about access protected PLC program variables over port 102/tcp from an affected device when reading multiple attributes at once.

Affected Products

Vendor

Product

SIMATIC Drive Controller family

Versions

Affected

All versions < V2.9.2

Vendor

Product

SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)

Versions

Affected

All versions < V21.9

Vendor

Product

SIMATIC S7 PLCSIM Advanced

Versions

Affected

All versions > V2 < V4

Vendor

Product

SIMATIC S7-1200 CPU family (incl. SIPLUS variants)

Versions

Affected

Version V4.4

Vendor

Product

SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)

Versions

Affected

All versions > V2.5 < V2.9.2

Vendor

Product

SIMATIC S7-1500 Software Controller

Versions

Affected

All versions > V2.5 < V21.9

Vendor

Product

TIM 1531 IRC (incl. SIPLUS NET variants)

Versions

Affected

Version V2.1

Problem Types

Type	CWE ID	Description
CWE	CWE-863	CWE-863: Incorrect Authorization

Type: CWE

CWE ID: CWE-863

Description: CWE-863: Incorrect Authorization

References

Hyperlink	Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-865327.pdf	x_refsource_MISC

Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-865327.pdf

Resource:

x_refsource_MISC

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-865327.pdf	x_refsource_MISC x_transferred

Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-865327.pdf

Resource:

x_refsource_MISC

x_transferred

▼National Vulnerability Database (NVD)

Source:productcert@siemens.com

Published At:10 Aug, 2021 | 11:15

Updated At:10 Dec, 2021 | 19:57

A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7 PLCSIM Advanced (All versions > V2 < V4), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (Version V4.4), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions > V2.5 < V2.9.2), SIMATIC S7-1500 Software Controller (All versions > V2.5 < V21.9), TIM 1531 IRC (incl. SIPLUS NET variants) (Version V2.1). Due to an incorrect authorization check in the affected component, an attacker could extract information about access protected PLC program variables over port 102/tcp from an affected device when reading multiple attributes at once.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary	2.0	5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N

Type: Primary

Version: 3.1

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Type: Primary

Version: 2.0

Base score: 5.0

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:N/C:P/I:N/A:N

CPE Matches

>>cpu_1504d_tf>>-

cpe:2.3:h:siemens:cpu_1504d_tf:-:*:*:*:*:*:*:*

>>cpu_1504d_tf_firmware>>Versions before 2.9.2(exclusive)

cpe:2.3:o:siemens:cpu_1504d_tf_firmware:*:*:*:*:*:*:*:*

>>cpu_1507d_tf>>-

cpe:2.3:h:siemens:cpu_1507d_tf:-:*:*:*:*:*:*:*

>>cpu_1507d_tf_firmware>>Versions before 2.9.2(exclusive)

cpe:2.3:o:siemens:cpu_1507d_tf_firmware:*:*:*:*:*:*:*:*

>>cpu_1515sp_pc2_tf>>-

cpe:2.3:h:siemens:cpu_1515sp_pc2_tf:-:*:*:*:*:*:*:*

>>cpu_1515sp_pc2_tf_firmware>>Versions before 21.9(exclusive)

cpe:2.3:o:siemens:cpu_1515sp_pc2_tf_firmware:*:*:*:*:*:*:*:*

>>simatic_s7_plcsim_advanced>>-

cpe:2.3:h:siemens:simatic_s7_plcsim_advanced:-:*:*:*:*:*:*:*

>>simatic_s7_plcsim_advanced_firmware>>Versions from 2.0(inclusive) to 4.0(exclusive)

cpe:2.3:o:siemens:simatic_s7_plcsim_advanced_firmware:*:*:*:*:*:*:*:*

>>simatic_s7-1500_software_controller>>Versions from 2.5(inclusive) to 21.9(exclusive)

cpe:2.3:a:siemens:simatic_s7-1500_software_controller:*:*:*:*:*:*:*:*

>>tim_1531_irc>>-

cpe:2.3:h:siemens:tim_1531_irc:-:*:*:*:*:*:*:*

>>tim_1531_irc_firmware>>2.1

cpe:2.3:o:siemens:tim_1531_irc_firmware:2.1:*:*:*:*:*:*:*

cpe:2.3:h:siemens:cpu_1211c:-:*:*:*:*:*:*:*

>>cpu_1211c_firmware>>4.4

cpe:2.3:o:siemens:cpu_1211c_firmware:4.4:*:*:*:*:*:*:*

cpe:2.3:h:siemens:cpu_1212c:-:*:*:*:*:*:*:*

>>cpu_1212c_firmware>>4.4

cpe:2.3:o:siemens:cpu_1212c_firmware:4.4:*:*:*:*:*:*:*

>>cpu_1212fc>>-

cpe:2.3:h:siemens:cpu_1212fc:-:*:*:*:*:*:*:*

>>cpu_1212fc_firmware>>4.4

cpe:2.3:o:siemens:cpu_1212fc_firmware:4.4:*:*:*:*:*:*:*

>>cpu_1214fc_firmware>>4.4

cpe:2.3:o:siemens:cpu_1214fc_firmware:4.4:*:*:*:*:*:*:*

>>cpu_1214fc>>-

cpe:2.3:h:siemens:cpu_1214fc:-:*:*:*:*:*:*:*

>>cpu_1214c_firmware>>4.4

cpe:2.3:o:siemens:cpu_1214c_firmware:4.4:*:*:*:*:*:*:*

cpe:2.3:h:siemens:cpu_1214c:-:*:*:*:*:*:*:*

>>cpu_1215fc_firmware>>4.4

cpe:2.3:o:siemens:cpu_1215fc_firmware:4.4:*:*:*:*:*:*:*

>>cpu_1215fc>>-

cpe:2.3:h:siemens:cpu_1215fc:-:*:*:*:*:*:*:*

>>cpu_1215c_firmware>>4.4

cpe:2.3:o:siemens:cpu_1215c_firmware:4.4:*:*:*:*:*:*:*

cpe:2.3:h:siemens:cpu_1215c:-:*:*:*:*:*:*:*

>>cpu_1217c_firmware>>4.4

cpe:2.3:o:siemens:cpu_1217c_firmware:4.4:*:*:*:*:*:*:*

cpe:2.3:h:siemens:cpu_1217c:-:*:*:*:*:*:*:*

>>siplus_cpu_1510sp_f-1pn_firmware>>Versions from 2.5(inclusive) to 2.9.2(exclusive)

cpe:2.3:o:siemens:siplus_cpu_1510sp_f-1pn_firmware:*:*:*:*:*:*:*:*

>>siplus_cpu_1510sp_f-1pn>>-

cpe:2.3:h:siemens:siplus_cpu_1510sp_f-1pn:-:*:*:*:*:*:*:*

>>siplus_cpu_1511-1_pn_firmware>>Versions from 2.5(inclusive) to 2.9.2(exclusive)

cpe:2.3:o:siemens:siplus_cpu_1511-1_pn_firmware:*:*:*:*:*:*:*:*

>>siplus_cpu_1511-1_pn>>-

cpe:2.3:h:siemens:siplus_cpu_1511-1_pn:-:*:*:*:*:*:*:*

>>siplus_cpu_1511-1_pn_firmware>>Versions from 2.5(inclusive) to 2.9.2(exclusive)

cpe:2.3:o:siemens:siplus_cpu_1511-1_pn_firmware:*:*:*:*:*:*:*:*

>>siplus_cpu_1511-1_pn>>-

cpe:2.3:h:siemens:siplus_cpu_1511-1_pn:-:*:*:*:*:*:*:*

>>siplus_cpu_1511f-1_pn_firmware>>Versions from 2.5(inclusive) to 2.9.2(exclusive)

cpe:2.3:o:siemens:siplus_cpu_1511f-1_pn_firmware:*:*:*:*:*:*:*:*

>>siplus_cpu_1511f-1_pn>>-

cpe:2.3:h:siemens:siplus_cpu_1511f-1_pn:-:*:*:*:*:*:*:*

>>siplus_cpu_1512sp-1_pn_firmware>>Versions from 2.5(inclusive) to 2.9.2(exclusive)

cpe:2.3:o:siemens:siplus_cpu_1512sp-1_pn_firmware:*:*:*:*:*:*:*:*

>>siplus_cpu_1512sp-1_pn>>-

cpe:2.3:h:siemens:siplus_cpu_1512sp-1_pn:-:*:*:*:*:*:*:*

>>siplus_cpu_1512sp_f-1pn_firmware>>Versions from 2.5(inclusive) to 2.9.2(exclusive)

cpe:2.3:o:siemens:siplus_cpu_1512sp_f-1pn_firmware:*:*:*:*:*:*:*:*

>>siplus_cpu_1512sp_f-1pn>>-

cpe:2.3:h:siemens:siplus_cpu_1512sp_f-1pn:-:*:*:*:*:*:*:*

>>siplus_cpu_1513-1_pn_firmware>>Versions from 2.5(inclusive) to 2.9.2(exclusive)

cpe:2.3:o:siemens:siplus_cpu_1513-1_pn_firmware:*:*:*:*:*:*:*:*

>>siplus_cpu_1513-1_pn>>-

cpe:2.3:h:siemens:siplus_cpu_1513-1_pn:-:*:*:*:*:*:*:*

>>siplus_cpu_1513-1_pn_firmware>>Versions from 2.5(inclusive) to 2.9.2(exclusive)

cpe:2.3:o:siemens:siplus_cpu_1513-1_pn_firmware:*:*:*:*:*:*:*:*

>>siplus_cpu_1513-1_pn>>-

cpe:2.3:h:siemens:siplus_cpu_1513-1_pn:-:*:*:*:*:*:*:*

>>siplus_cpu_1513f-1_pn_firmware>>Versions from 2.5(inclusive) to 2.9.2(exclusive)

cpe:2.3:o:siemens:siplus_cpu_1513f-1_pn_firmware:*:*:*:*:*:*:*:*

>>siplus_cpu_1513f-1_pn>>-

cpe:2.3:h:siemens:siplus_cpu_1513f-1_pn:-:*:*:*:*:*:*:*

>>siplus_cpu_1516-3_pn\/dp_firmware>>Versions from 2.5(inclusive) to 2.9.2(exclusive)

cpe:2.3:o:siemens:siplus_cpu_1516-3_pn\/dp_firmware:*:*:*:*:*:*:*:*

>>siplus_cpu_1516-3_pn\/dp>>-

cpe:2.3:h:siemens:siplus_cpu_1516-3_pn\/dp:-:*:*:*:*:*:*:*

>>siplus_cpu_1516-3_pn\/dp_firmware>>Versions from 2.5(inclusive) to 2.9.2(exclusive)

cpe:2.3:o:siemens:siplus_cpu_1516-3_pn\/dp_firmware:*:*:*:*:*:*:*:*

>>siplus_cpu_1516-3_pn\/dp>>-

cpe:2.3:h:siemens:siplus_cpu_1516-3_pn\/dp:-:*:*:*:*:*:*:*

>>siplus_cpu-1516f-3_pn\/dp_firmware>>Versions from 2.5(inclusive) to 2.9.2(exclusive)

cpe:2.3:o:siemens:siplus_cpu-1516f-3_pn\/dp_firmware:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-863	Primary	nvd@nist.gov
CWE-863	Secondary	productcert@siemens.com

CWE ID: CWE-863

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-863

Type: Secondary

Source: productcert@siemens.com

References

Hyperlink	Source	Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-865327.pdf	productcert@siemens.com	Patch Vendor Advisory

Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-865327.pdf

Source: productcert@siemens.com

Resource:

Patch

Vendor Advisory