CVE-2020-15783 — Uncontrolled Resource Consumption in Siemens Simatic S7-300 CPU Family

CWE-400 — Uncontrolled Resource Consumption3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.2%

top 59.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Simatic S7-300 CPU Family Siemens Simatic TDC Cpu555 Siemens Sinumerik 840d SL

Timeline

PublishedNov 12

Latest updateMay 24

Description

A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC TDC CPU555 (All versions), SINUMERIK 840D sl (All versions). Sending multiple specially crafted packets to the affected devices could cause a Denial-of-Service on port 102. A cold restart is required to recover the service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5siemens/simatic_tdc_cpu555All versions

▶CVEListV5siemens/simatic_s7-300_cpu_familyAll versions

▶CVEListV5siemens/sinumerik_840d_slAll versions

🔴Vulnerability Details

GHSA

GHSA-h3cm-r647-2vf6: A vulnerability has been identified in SIMATIC S7-300 CPU family (incl↗2022-05-24

▶

CVEList

CVE-2020-15783: A vulnerability has been identified in SIMATIC S7-300 CPU family (incl↗2020-11-12

▶