Unauthenticated Remote Access Vulnerability in Siemens SIMATIC HMI and SINAMICS Products
CVE-2020-15798
9.8CRITICAL
Key Information:
- Vendor
Siemens
- Status
- Vendor
- CVE Published:
- 9 February 2021
What is CVE-2020-15798?
A vulnerability exists in various Siemens SIMATIC HMI and SINAMICS products where devices with the telnet service enabled allow remote attackers to access the device without authentication. This lack of security control can lead to significant risks as attackers can potentially exploit this access to manipulate settings or information.
Affected Version(s)
SIMATIC HMI Comfort Panels (incl. SIPLUS variants) All versions < V16 Update 3a
SIMATIC HMI KTP Mobile Panels All versions < V16 Update 3a
SINAMICS GH150 All versions