Authorization Bypass in SIMATIC Drive Controllers and Other Siemens Products
CVE-2020-28397

5.3MEDIUM

Key Information:

Vendor: Siemens
Status: Simatic Drive Controller Family; Simatic Et 200sp Open Controller Cpu 1515sp Pc2 (incl. Siplus Variants); Simatic S7 Plcsim Advanced; Simatic S7-1200 Cpu Family (incl. Siplus Variants)
Vendor: CVE Published:; 10 August 2021

Summary

A flaw has been discovered in various Siemens products, including the SIMATIC Drive Controller family and ET 200SP Open Controller CPUs, due to an incorrect authorization check. This vulnerability allows an attacker to potentially extract sensitive information about access-protected PLC program variables over TCP port 102. By reading multiple attributes at once, malicious actors could exploit this weakness, compromising the integrity of system operations and exposing critical data to unauthorized users.

Affected Version(s)

SIMATIC Drive Controller family All versions < V2.9.2

SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) All versions < V21.9

SIMATIC S7 PLCSIM Advanced All versions > V2 < V4

References

https://cert-portal.siemens.com/productcert/pdf/ssa-86532...

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 10, 2021
Vulnerability Reserved
Nov 10, 2020