Siemens has identified the following specific workarounds and mitigations users can apply to reduce the risk: Hyunguk Yoo from University of New Orleans, Irfan Ahmed and Adeen Ayub from Virginia Commonwealth University, Jongwon Choi from National Security Research Institute, and Taeshik Shon from Ajou University reported this vulnerability to Siemens. CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing.A CVSS v3 base score of 5.9 has been calculated the CVSS vector string is ( AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). This could allow an attacker that is able to intercept the network traffic to obtain valid PLC credentials.ĬVE-2020-15791 has been assigned to this vulnerability. The authentication protocol between a client and a PLC via Port 102/TCP (ISO-TSAP) insufficiently protects the transmitted password. SIMATIC WinAC RTX (F) 2010: All versionsĤ.2 VULNERABILITY OVERVIEW 4.2.1 INSUFFICIENTLY PROTECTED CREDENTIALS CWE-522.
related ET200 CPUs and SIPLUS variants): All versions Siemens reports the vulnerability affects the following versions of SIMATIC S7-300 and S7-400 CPU families: Successful exploitation of this vulnerability could result in credential disclosure.
#Siemens simatic s7 update#
This updated advisory is a follow-up to the advisory update titled ICSA-20-252-02 Siemens SIMATIC S7-300 and S7-400 CPUs (Update B) that was published November 10, 2020, to the ICS webpage on. Vulnerability: Insufficiently Protected Credentials.Equipment: SIMATIC S7-300 and S7-400 CPUs.
0 kommentar(er)
