CVE-2013-6920

Currently unrated

Key Information:

Vendor: Siemens
Status: Sinamics S\/g Family Firmware; Sinamics G110; Sinamics G110d; Sinamics G120
Vendor: CVE Published:; 7 December 2013

Summary

Siemens SINAMICS S/G controllers with firmware before 4.6.11 do not require authentication for FTP and TELNET sessions, which allows remote attackers to bypass intended access restrictions via TCP traffic to port (1) 21 or (2) 23.

References

http://ics-cert.us-cert.gov/advisories/ICSA-13-338-01

x_refsource_MISC

http://www.siemens.com/innovation/pool/de/forschungsfelde...

x_refsource_CONFIRM

https://cert-portal.siemens.com/productcert/pdf/ssa-74293...

x_refsource_CONFIRM

Timeline

Vulnerability published
Dec 7, 2013
Vulnerability Reserved
Dec 2, 2013