CVE-2020-28397
A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7 PLCSIM Advanced (All versions > V2 < V4), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (Version V4.4), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions > V2.5 < V2.9.2), SIMATIC S7-1500 Software Controller (All versions > V2.5), TIM 1531 IRC (incl. SIPLUS NET variants) (Version V2.1). Due to an incorrect authorization check in the affected component, an attacker could extract information about access protected PLC program variables over port 102/tcp from an affected device when reading multiple attributes at once.
EPSS 0.18% · 39.9th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| siemens | cpu_1516-3_firmware | 2.5 |
| siemens | cpu_1517f-3_pn\/dp_firmware | 2.5 |
| siemens | cpu_1512sp-1_pn_firmware | 2.5 |
| Siemens | SIMATIC Drive Controller family | All versions < V2.9.2 |
| siemens | cpu_1212c_firmware | 4.4 |
| siemens | siplus_cpu_1518-4_pn\/dp_firmware | 2.5 |
| siemens | cpu_1515sp_pc2_tf_firmware | 0 |
| siemens | cpu_1516f-3_firmware | 2.5 |
| siemens | cpu_1507d_tf_firmware | 0 |
| siemens | cpu_1517tf-3_pn\/dp_firmware | 2.5 |
| Siemens | SIMATIC S7 PLCSIM Advanced | All versions > V2 < V4 |
| siemens | siplus_cpu_1513f-1_pn_firmware | 2.5 |
| Siemens | SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) | All versions < V21.9 |
| siemens | cpu_1217c_firmware | 4.4 |
| siemens | siplus_cpu_1512sp-1_pn_firmware | 2.5 |
| siemens | cpu_1516pro_f-2_pn_firmware | 2.5 |
| siemens | siplus_cpu_1511-1_pn_firmware | 2.5, 2.5 |
| siemens | cpu_1513pro_f-2_pn_firmware | 2.5 |
| siemens | siplus_cpu_1510sp_f-1pn_firmware | 2.5 |
| siemens | cpu_1211c_firmware | 4.4 |
…and 43 more
Timeline
- Apr 13, 2021 CVE Published
- Aug 11, 2021 EPSS Score
- Oct 9, 2021 EPSS Score
- Dec 6, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Apr 3, 2022 EPSS Score
- May 31, 2022 EPSS Score
- Jul 30, 2022 EPSS Score
- Sep 27, 2022 EPSS Score
- Nov 25, 2022 EPSS Score
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-865327.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-938030.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-679335.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-553445.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-158827.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-818688.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-756744.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-830194.pdf advisory
- https://nvd.nist.gov/vuln/detail/CVE-2020-28397 advisory