A vulnerability has been identified in SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions < V16), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions <= V16), SIMATIC HMI Mobile Panels (All versions <= V16), SIMATIC HMI Unified Comfort Panels (All versions <= V16). Affected devices insufficiently block excessive authentication attempts. This could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00422.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
Siemens SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) affected
Version Status Constraints
All versions < V16 affected
Siemens SIMATIC HMI Comfort Panels (incl. SIPLUS variants) affected
Version Status Constraints
All versions <= V16 affected
Siemens SIMATIC HMI Mobile Panels affected
Version Status Constraints
All versions <= V16 affected
Siemens SIMATIC HMI Unified Comfort Panels affected
Version Status Constraints
All versions <= V16 affected

Configuration 1 [-]

AND
cpe:2.3:o:siemens:simatic_hmi_basic_panels_2nd_generation_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_hmi_basic_panels_2nd_generation:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:siemens:simatic_hmi_comfort_panels_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_hmi_comfort_panels:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:siemens:simatic_hmi_mobile_panels_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_hmi_mobile_panels:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:siemens:simatic_hmi_united_comfort_panels_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_hmi_united_comfort_panels:-:*:*:*:*:*:*:*

No data.

No data.

Project Subscriptions

Vendors Products
Siemens Subscribe
Simatic Hmi Basic Panels 2nd Generation Subscribe
Simatic Hmi Basic Panels 2nd Generation Firmware Subscribe
Simatic Hmi Comfort Panels Subscribe
Simatic Hmi Comfort Panels Firmware Subscribe
Simatic Hmi Mobile Panels Subscribe
Simatic Hmi Mobile Panels Firmware Subscribe
Simatic Hmi United Comfort Panels Subscribe
Simatic Hmi United Comfort Panels Firmware Subscribe
Advisories
Source ID Title
EUVD EUVD EUVD-2020-7769 A vulnerability has been identified in SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions < V16), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions <= V16), SIMATIC HMI Mobile Panels (All versions <= V16), SIMATIC HMI Unified Comfort Panels (All versions <= V16). Affected devices insufficiently block excessive authentication attempts. This could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack.
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://cert-portal.siemens.com/productcert/pdf/ssa-542525.pdf cve-icon cve-icon
History

No history.

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: siemens

Published:

Updated: 2024-08-04T13:22:30.857Z

Reserved: 2020-07-15T00:00:00

Link: CVE-2020-15786

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-09-09T19:15:19.787

Modified: 2024-11-21T05:06:10.660

Link: CVE-2020-15786

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses