CVE-2020-10045
Published 2020-07-14
Priority: P347 · high · 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 1.07% (60.5th percentile)
A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). An error in the challenge-response procedure could allow an attacker to replay authentication traffic and gain access to protected areas of the web application.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | sicam_mmu_firmware | < 2.05 | 2.05 |
| siemens | sicam_t_firmware | < 2.18 | 2.18 |
| siemens_ag | sicam_mmu | — | — |
| siemens_ag | sicam_sgu | — | — |
| siemens_ag | sicam_t | — | — |
CVSS provenance
- nvd · v3.1 · 8.8 · HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- nvd · v2.0 · 6.8 · MEDIUM · AV:N/AC:M/Au:N/C:P/I:P/A:P
CISA ICS
Siemens SICAM MMU, SICAM T, and SICAM SGU
cisa_ics·2020-07-14·CVSS 7.5
[HIGH] Siemens SICAM MMU, SICAM T, and SICAM SGU
ICS Advisory
Siemens SICAM MMU, SICAM T, and SICAM SGU
Last Revised: July 14, 2020
Alert Code: ICSA-20-196-03
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Siemens
- Equipment: SICAM MMU, SICAM T and SICAM SGU
- Vulnerabilities: Out-of-bounds Read, Missing Authentication for Critical Function, Missing Encryption of Sensitive Data, Use of Password Hash with Insufficient Computational Effort, Cross-site Scripting, Classic Buffer Overflow, Basic XSS, Authentication Bypass by Capture-replay
## 2. RISK EVALUATION
Successful exploita
GHSA
GHSA-vmpp-hpxw-8cww: A vulnerability has been identified in SICAM MMU (All versions < V2
ghsa_unreviewed·2022-05-24
CVE-2020-10045 [MEDIUM] GHSA-vmpp-hpxw-8cww: A vulnerability has been identified in SICAM MMU (All versions < V2
A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). An error in the challenge-response procedure could allow an attacker to replay authentication traffic and gain access to protected areas of the web application.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2020-07-14: Published