CVE-2020-15798
published 2021-02-09

Priority: P270
Severity: critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 5.18% (91.4th percentile)

A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions < V16 Update 3a), SIMATIC HMI KTP Mobile Panels (All versions < V16 Update 3a), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). Affected devices with enabled telnet service do not require authentication for this service. This could allow a remote attacker to gain full access to the device. (ZDI-CAN-12046)

Affected

14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | simatic_hmi_comfort_panels | | |
| siemens | simatic_hmi_comfort_panels_firmware | < 16.0 | 16.0 |
| siemens | simatic_hmi_comfort_panels_firmware | | |
| siemens | simatic_hmi_ktp_mobile_panels | | |
| siemens | simatic_hmi_ktp_mobile_panels_firmware | < 16.0 | 16.0 |
| siemens | simatic_hmi_ktp_mobile_panels_firmware | | |
| siemens | sinamics_gh150 | | |
| siemens | sinamics_gl150 | | |
| siemens | sinamics_gm150 | | |
| siemens | sinamics_sh150 | | |
| siemens | sinamics_sl150 | | |
| siemens | sinamics_sm120 | | |
| siemens | sinamics_sm150 | | |
| siemens | sinamics_sm150i | | |

Detection & IOCs (extracted from sources)

  • Detect unauthenticated Telnet service access attempts targeting Siemens SIMATIC HMI Comfort Panels and SINAMICS Medium Voltage Products — the Telnet service on affected devices requires no authentication, so any successful Telnet session to these devices is inherently suspicious.
  • Monitor for Telnet (TCP port 23) connections to SIMATIC HMI Comfort Panel and SIMATIC HMI KTP Mobile Panel IP addresses, especially from external or unexpected network segments.
  • Alert on any Telnet session that completes without an authentication exchange (no login/password prompt response) to ICS/HMI devices in the SIMATIC or SINAMICS product families.
  • Telnet is disabled by default on affected devices; exploitation is only possible if the service has been explicitly enabled. Prioritize scanning/detection efforts for devices where Telnet has been turned on.
  • The vulnerability carries High attack complexity (AC:H) per CVSS v3, meaning exploitation may require specific network conditions or timing, but no privileges or user interaction are needed.
  • No known public exploits specifically target this vulnerability at the time of advisory publication.

CVSS provenance

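| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |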