Unauthorized Access in Siemens SINAMICS S/G Controllers
CVE-2013-6920

Currently unrated

Key Information:

Vendor: Siemens
Status: Sinamics S\/g Family Firmware; Sinamics G110; Sinamics G110d; Sinamics G120
Vendor: CVE Published:; 7 December 2013

What is CVE-2013-6920?

Siemens SINAMICS S/G controllers with firmware prior to version 4.6.11 are susceptible to an improper authentication vulnerability that permits remote attackers to bypass authentication for FTP and TELNET sessions. This allows potentially malicious actors to gain unauthorized access via TCP traffic directed to ports 21 and 23, thus compromising the security posture of affected systems. Users of these controllers are strongly advised to apply the latest firmware updates to mitigate this risk.

References

http://ics-cert.us-cert.gov/advisories/ICSA-13-338-01

x_refsource_MISC

http://www.siemens.com/innovation/pool/de/forschungsfelde...

x_refsource_CONFIRM

https://cert-portal.siemens.com/productcert/pdf/ssa-74293...

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 7, 2013
Vulnerability Reserved
Dec 2, 2013