cbcvebase.
CVE-2020-15786
published 2020-09-09

Priority: P260, critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.48% (70.6th percentile)

A vulnerability has been identified in SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions < V16), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions <= V16), SIMATIC HMI Mobile Panels (All versions <= V16), SIMATIC HMI Unified Comfort Panels (All versions <= V16). Affected devices insufficiently block excessive authentication attempts. This could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack.

Affected

5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | simatic_hmi_basic_panels_2nd_generation | | |
| siemens | simatic_hmi_basic_panels_2nd_generation_firmware | <= 14 | |
| siemens | simatic_hmi_comfort_panels | | |
| siemens | simatic_hmi_mobile_panels | | |
| siemens | simatic_hmi_unified_comfort_panels | | |

Detection & IOCs (extracted from sources)

  • Detect brute-force authentication attempts against Siemens Sm@rtServer (VNC-based remote access) on SIMATIC HMI devices. Because excessive authentication attempts are insufficiently blocked, the vulnerability allows unlimited password guesses with minimal effect on the guess rate.
  • Monitor for high-volume repeated authentication attempts targeting the Siemens Sm@rtServer / VNC service on SIMATIC HMI panels; the attacker strategy evades the brute-force protection mechanism, allowing unlimited password guess attempts.
  • Alert on remote unauthenticated access attempts to the Siemens Sm@rtServer / VNC interface exposed on SIMATIC HMI devices; exploitation requires no privileges and no user interaction (CVSS AV:N/AC:L/PR:N/UI:N).
  • CVE-2020-15786 affects SIMATIC HMI Basic Panels 2nd Generation (all versions prior to V16), SIMATIC HMI Comfort Panels (all versions up to and including V16), SIMATIC HMI Mobile Panels (all versions up to and including V16), and SIMATIC HMI Unified Comfort Panels (all versions up to and including V16). The patched version is V16 Update 3 for all affected product lines.
  • The Sm@rtServer feature must be activated on the HMI for the attack surface to exist; remote access is provided either through Siemens' own Sm@rtClient application or through third-party VNC client software.
  • No known public exploits specifically target these vulnerabilities at time of advisory publication.

CVSS provenance

nvd, v3.1: 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd, v2.0: 5.0 MEDIUM, AV:N/AC:L/Au:N/C:P/I:N/A:N