VDB
SSA-195895
SSA-195895
PUBLISHED
CVSS 5.300000190734863 MEDIUM
The login functionality of the web server in affected devices does not normalize the response times of login attempts. An unauthenticated remote attacker could exploit this side-channel information to distinguish between valid and invalid usernames.
Risk Scores
CVSS 3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | SIPLUS S7-1200 CPU 1214 AC/DC/RLY (6AG1214-1BG40-2XB0) | |
| Siemens | SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0) | |
| Siemens | SIMATIC S7-1500 CPU 1517TF-3 PN/DP (6ES7517-3UP00-0AB0) | |
| Siemens | SIMATIC S7-1500 Software Controller CPU 1508S T V3 | |
| Siemens | SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SM03-0AB0) | |
| Siemens | SIMATIC S7-1200 CPU 1217C DC/DC/DC (6ES7217-1AG40-0XB0) | |
| Siemens | SIMATIC ET 200SP CPU 1514SPT-2 PN (6ES7514-2VN03-0AB0) | |
| Siemens | SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) | |
| Siemens | SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0) | |
| Siemens | SIPLUS S7-1200 CPU 1214FC DC/DC/RLY (6AG1214-1HF40-5XB0) | |
| Siemens | SIPLUS S7-1500 CPU 1518HF-4 PN (6AG1518-4JP00-4AB0) | |
| Siemens | SIPLUS S7-1500 CPU 1518F-4 PN/DP (6AG1518-4FP00-4AB0) | |
| Siemens | SIPLUS S7-1200 CPU 1215 AC/DC/RLY (6AG1215-1BG40-2XB0) | |
| Siemens | SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FP03-0AB0) | |
| Siemens | SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CL03-0AB0) | |
| Siemens | SIPLUS S7-1200 CPU 1214C DC/DC/DC RAIL (6AG2214-1AG40-1XB0) | |
| Siemens | SIMATIC S7-1200 CPU 1212FC DC/DC/DC (6ES7212-1AF40-0XB0) | |
| Siemens | SIPLUS S7-1200 CPU 1214 DC/DC/RLY (6AG1214-1HG40-4XB0) | |
| Siemens | SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RM03-0AB0) | |
| Siemens | SIMATIC S7-1500 CPU 1516pro-2 PN (6ES7516-2PP03-0AB0) |
…and 89 more
Timeline
- Feb 11, 2025 CVE Published
- Apr 8, 2025 CVE Updated