← Back

CVE-2020-15798

nvd nist
Published: Feb 9, 2021Modified: Jun 2, 2026

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions < V16 Update 3a), SIMATIC HMI KTP Mobile Panels (All versions < V16 Update 3a), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). Affected devices with enabled telnet service do not require authentication for this service. This could allow a remote attacker to gain full access to the device. (ZDI-CAN-12046)

Affected (18)

Siemens
10 products
Simatic Hmi Comfort Panels Firmware
Simatic Hmi Ktp Mobile Panels Firmware
Sinamics Gh150 Firmware
Sinamics Gl150 Firmware
Sinamics Gm150 Firmware
Sinamics Sh150 Firmware
Sinamics Sl150 Firmware
Sinamics Sm150 Firmware
Sinamics Sm120 Firmware
Sinamics Sm150i Firmware
Configuration A
5 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Siemens
Simatic Hmi Comfort Panels Firmware
Before 16.0
Simatic Hmi Comfort Panels Firmware
Version 16.0
Simatic Hmi Comfort Panels Firmware
Version 16.0 update1
Simatic Hmi Comfort Panels Firmware
Version 16.0 update2
Simatic Hmi Comfort Panels Firmware
Version 16.0 update3
Running on/withPlatform Versions
Siemens
Simatic Hmi Comfort Panels
All versions
Configuration B
5 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Siemens
Simatic Hmi Ktp Mobile Panels Firmware
Before 16.0
Simatic Hmi Ktp Mobile Panels Firmware
Version 16.0
Simatic Hmi Ktp Mobile Panels Firmware
Version 16.0 update1
Simatic Hmi Ktp Mobile Panels Firmware
Version 16.0 update2
Simatic Hmi Ktp Mobile Panels Firmware
Version 16.0 update3
Running on/withPlatform Versions
Siemens
Simatic Hmi Ktp Mobile Panels
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sinamics Gh150 Firmware
All versions
Running on/withPlatform Versions
Siemens
Sinamics Gh150
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sinamics Gl150 Firmware
All versions
Running on/withPlatform Versions
Siemens
Sinamics Gl150
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sinamics Gm150 Firmware
All versions
Running on/withPlatform Versions
Siemens
Sinamics Gm150
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sinamics Sh150 Firmware
All versions
Running on/withPlatform Versions
Siemens
Sinamics Sh150
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sinamics Sl150 Firmware
All versions
Running on/withPlatform Versions
Siemens
Sinamics Sl150
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sinamics Sm150 Firmware
All versions
Running on/withPlatform Versions
Siemens
Sinamics Sm150
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sinamics Sm120 Firmware
All versions
Running on/withPlatform Versions
Siemens
Sinamics Sm120
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sinamics Sm150i Firmware
All versions
Running on/withPlatform Versions
Siemens
Sinamics Sm150i
All versions

Related CWEs

CWE-306
Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (6)

Source: productcert@siemens.com
Vendor Advisory
Source: productcert@siemens.com
PatchVendor Advisory
Source: productcert@siemens.com
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource

Timeline

No history available yet.