Authentication Protocol Vulnerability in SIMATIC S7-300 and S7-400 CPUs
CVE-2020-15791

6.5 MEDIUM

Summary

A security flaw exists in the authentication protocol used between clients and programmable logic controllers (PLCs) in Siemens' SIMATIC S7-300 and S7-400 CPU families. The protocol does not sufficiently protect passwords transmitted over port 102/tcp (ISO-TSAP). An attacker who intercepts this traffic may obtain valid PLC credentials, potentially compromising the integrity and security of the control systems. The flaw underlines the need for robust encryption of sensitive data transmitted within industrial environments.

Affected Version(s)

SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants): All versions

SIMATIC S7-400 CPU family (incl. SIPLUS variants): All versions

SIMATIC WinAC RTX (F) 2010: All versions

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
