Denial-of-Service Vulnerability in SIMATIC ET 200SP and S7-1500 Controllers by Siemens
CVE-2020-15796

7.5HIGH

Key Information:

Vendor: Siemens
Status: Simatic Et 200sp Open Controller (incl. Siplus Variants); Simatic S7-1500 Software Controller
Vendor: CVE Published:; 14 December 2020

What is CVE-2020-15796?

A known vulnerability exists in the web server of Siemens SIMATIC ET 200SP Open Controllers and SIMATIC S7-1500 Software Controllers, which could allow remote attackers to execute a denial-of-service attack. By sending a specially crafted HTTP request, attackers can disrupt the normal operation of these products, leading to potential downtime and operational impact. It is crucial for users of these systems to apply necessary patches and updates to mitigate the risk associated with this vulnerability.

Affected Version(s)

SIMATIC ET 200SP Open Controller (incl. SIPLUS variants) V20.8

SIMATIC S7-1500 Software Controller V20.8

References

https://cert-portal.siemens.com/productcert/pdf/ssa-70069...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 14, 2020
Vulnerability Reserved
Jul 15, 2020