CVE-2020-7592

Published: Jul 14, 2020Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

A vulnerability has been identified in SIMATIC HMI Basic Panels 1st Generation (incl. SIPLUS variants) (All versions), SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC HMI KTP700F Mobile Arctic (All versions), SIMATIC HMI Mobile Panels 2nd Generation (All versions), SIMATIC WinCC Runtime Advanced (All versions). Unencrypted communication between the configuration software and the respective device could allow an attacker to capture potential plain text communication and have access to sensitive information.

Affected (6)

Products: Siemens: Simatic Hmi Basic Panels 1st Generation, Simatic Hmi Basic Panels 2nd Generation, Simatic Wincc Runtime Advanced, Simatic Hmi Comfort Panels Firmware, Simatic Hmi Ktp700f Mobile Arctic Firmware, Simatic Hmi Mobile Panels 2nd Generation Firmware

Siemens

6 products

Simatic Hmi Basic Panels 1st Generation

Simatic Hmi Basic Panels 2nd Generation

Simatic Wincc Runtime Advanced

Simatic Hmi Comfort Panels Firmware

Simatic Hmi Ktp700f Mobile Arctic Firmware

Simatic Hmi Mobile Panels 2nd Generation Firmware

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Siemens Simatic Hmi Basic Panels 1st Generation	All versions
Siemens Simatic Hmi Basic Panels 2nd Generation	All versions
Siemens Simatic Wincc Runtime Advanced	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic Hmi Comfort Panels Firmware	All versions

Running on/with	Platform Versions
Siemens Simatic Hmi Comfort Panels	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic Hmi Ktp700f Mobile Arctic Firmware	All versions

Running on/with	Platform Versions
Siemens Simatic Hmi Ktp700f Mobile Arctic	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic Hmi Mobile Panels 2nd Generation Firmware	All versions

Running on/with	Platform Versions
Siemens Simatic Hmi Mobile Panels 2nd Generation	All versions

Related CWEs

CWE-319

Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References (4)

https://cert-portal.siemens.com/productcert/pdf/ssa-364335.pdf

Source: productcert@siemens.com

Vendor Advisory

https://us-cert.cisa.gov/ics/advisories/icsa-20-196-04

Source: productcert@siemens.com

Third Party AdvisoryUS Government Resource

https://cert-portal.siemens.com/productcert/pdf/ssa-364335.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://us-cert.cisa.gov/ics/advisories/icsa-20-196-04

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.