CVE-2020-15786 — Improper Restriction of Excessive Authentication Attempts in Siemens Simatic HMI Basic Panels 2ND Generation Firmware

CWE-307 — Improper Restriction of Excessive Authentication Attempts3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

0.4%

top 37.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Simatic HMI Basic Panels 2ND Generation Firmware Siemens Simatic HMI Basic Panels 2ND Generation Siemens Simatic HMI Comfort Panels +2 more

Timeline

PublishedSep 9

Latest updateMay 24

Description

A vulnerability has been identified in SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions < V16), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions <= V16), SIMATIC HMI Mobile Panels (All versions <= V16), SIMATIC HMI Unified Comfort Panels (All versions <= V16). Affected devices insufficiently block excessive authentication attempts. This could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force att…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages5 packages

▶CVEListV5siemens/simatic_hmi_unified_comfort_panelsAll versions <= V16

▶NVDsiemens/simatic_hmi_basic_panels_2nd_generation_firmware14

▶CVEListV5siemens/simatic_hmi_comfort_panelsAll versions <= V16

▶CVEListV5siemens/simatic_hmi_basic_panels_2nd_generationAll versions < V16

▶CVEListV5siemens/simatic_hmi_mobile_panelsAll versions <= V16

🔴Vulnerability Details

GHSA

GHSA-9hp3-3v8x-gvhx: A vulnerability has been identified in SIMATIC HMI Basic Panels 2nd Generation (incl↗2022-05-24

▶

CVEList

CVE-2020-15786: A vulnerability has been identified in SIMATIC HMI Basic Panels 2nd Generation (incl↗2020-09-09

▶