CVE-2020-15798
Published 2021-02-09
Priority: P270 · critical · 9.8 · CVSS 3.1
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 5.18% (91.4th percentile)
A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions < V16 Update 3a), SIMATIC HMI KTP Mobile Panels (All versions < V16 Update 3a), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). Affected devices with enabled telnet service do not require authentication for this service. This could allow a remote attacker to gain full access to the device. (ZDI-CAN-12046)
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | simatic_hmi_comfort_panels | — | — |
| siemens | simatic_hmi_comfort_panels_firmware | < 16.0 | 16.0 |
| siemens | simatic_hmi_comfort_panels_firmware | — | — |
| siemens | simatic_hmi_ktp_mobile_panels | — | — |
| siemens | simatic_hmi_ktp_mobile_panels_firmware | < 16.0 | 16.0 |
| siemens | simatic_hmi_ktp_mobile_panels_firmware | — | — |
| siemens | sinamics_gh150 | — | — |
| siemens | sinamics_gl150 | — | — |
| siemens | sinamics_gm150 | — | — |
| siemens | sinamics_sh150 | — | — |
| siemens | sinamics_sl150 | — | — |
| siemens | sinamics_sm120 | — | — |
| siemens | sinamics_sm150 | — | — |
| siemens | sinamics_sm150i | — | — |
Detection & IOCs
- Detect unauthenticated Telnet service access attempts targeting Siemens SIMATIC HMI Comfort Panels and SINAMICS Medium Voltage Products. The Telnet service on affected devices requires no authentication, so any successful Telnet session to these devices is inherently suspicious.
- Monitor for Telnet (TCP port 23) connections to SIMATIC HMI Comfort Panel and SIMATIC HMI KTP Mobile Panel IP addresses, especially from external or unexpected network segments.
- Alert on any Telnet session that completes without an authentication exchange (no login/password prompt response) to ICS/HMI devices in the SIMATIC or SINAMICS product families.
- Telnet is disabled by default on affected devices; exploitation is only possible if the service has been explicitly enabled. Prioritize scanning/detection efforts for devices where Telnet has been turned on.
- The vulnerability carries High attack complexity (AC:H) per CVSS v3, meaning exploitation may require specific network conditions or timing, but no privileges or user interaction are needed.
- No known public exploits specifically target this vulnerability at the time of advisory publication.
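The flow-level part of the monitoring guidance above, as an added example that is not taken from any of the cited advisories: it flags TCP/23 connections to inventoried panels and drives and raises severity when the source lies outside the expected segment. The asset inventory, expected segment, record layout and sample records are constructed assumptions; detecting a missing login exchange would additionally need payload inspection, which this sketch does not do.

```python
import csv
import io
import ipaddress

# Assumed asset inventory (constructed): devices from the affected product families.
HMI_ASSETS = {
    "10.20.1.15": "SIMATIC HMI Comfort Panel",
    "10.20.1.16": "SIMATIC HMI KTP Mobile Panel",
    "10.20.2.40": "SINAMICS SM150",
}
# Assumed segment from which engineering access is expected (constructed).
EXPECTED_SOURCES = [ipaddress.ip_network("10.20.0.0/24")]

# Constructed sample records: ts,src,dst,dport,state,resp_bytes
# state: SF = session established and closed, REJ = connection rejected.
SAMPLE_FLOWS = """\
2021-02-10T08:01:12Z,10.20.0.5,10.20.1.15,23,SF,412
2021-02-10T08:03:40Z,192.0.2.77,10.20.1.16,23,SF,1880
2021-02-10T08:04:02Z,10.20.0.9,10.20.2.40,23,REJ,0
2021-02-10T08:05:27Z,10.20.0.5,10.20.1.15,102,SF,96
2021-02-10T08:06:55Z,10.30.4.2,10.20.9.9,23,SF,300
"""

def classify(flow):
    """Return (severity, reason) for a flow, or None if it is out of scope."""
    if flow["dport"] != "23" or flow["dst"] not in HMI_ASSETS:
        return None
    src = ipaddress.ip_address(flow["src"])
    expected = any(src in net for net in EXPECTED_SOURCES)
    established = flow["state"] == "SF" and int(flow["resp_bytes"]) > 0
    if established and not expected:
        return ("critical", "Telnet session from unexpected segment")
    if established:
        return ("high", "Telnet session established; service is enabled")
    return ("medium", "Telnet attempt; no session established")

def detect(text):
    """Parse flow records and return one alert tuple per in-scope flow."""
    fields = ["ts", "src", "dst", "dport", "state", "resp_bytes"]
    alerts = []
    for flow in csv.DictReader(io.StringIO(text), fieldnames=fields):
        verdict = classify(flow)
        if verdict:
            alerts.append((flow["ts"], flow["src"], HMI_ASSETS[flow["dst"]], *verdict))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_FLOWS):
        print(" | ".join(alert))
```

Because Telnet is disabled by default on these devices, even the "high" case is worth a ticket: it shows the service has been switched on.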
CVSS provenance
nvd · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd · v2.0 · 9.3 CRITICAL · AV:N/AC:M/Au:N/C:C/I:C/A:C
VulDB
Siemens SIMATIC HMI Comfort Panel up to 16 Update 2 Telnet Service missing authentication (ssa-520004)
vuldb·2026-06-03·CVSS 9.8
CVE-2020-15798 [CRITICAL] Siemens SIMATIC HMI Comfort Panel up to 16 Update 2 Telnet Service missing authentication (ssa-520004)
A vulnerability was found in Siemens SIMATIC HMI Comfort Panel and SIMATIC HMI KTP Mobile Panel up to 16 Update 2. It has been classified as critical. Impacted is an unknown function of the component Telnet Service. The manipulation leads to missing authentication.
This vulnerability is traded as CVE-2020-15798. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
It is recommended to apply a patch to fix this issue.
GHSA
GHSA-p3v5-8v5r-qgp2: A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl
ghsa_unreviewed·2022-05-24
CVE-2020-15798 [CRITICAL] CWE-306 GHSA-p3v5-8v5r-qgp2: A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl
A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions < V16 Update 3a), SIMATIC HMI KTP Mobile Panels (All versions < V16 Update 3a). Affected devices with enabled telnet service do not require authentication for this service. This could allow a remote attacker to gain full access to the device. (ZDI-CAN-12046)
CISA ICS
Siemens SINAMICS Medium Voltage Products Telnet (Update A)
cisa_ics·2021-08-10·CVSS 9.8
[CRITICAL] Siemens SINAMICS Medium Voltage Products Telnet (Update A)
## Archived Content
In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
## Siemens SINAMICS Medium Voltage Products Telnet (Update A)
Last Revised: August 10, 2021
Alert Code: ICSA-21-131-13
## 1. EXECUTIVE SUMMARY
--------- Begin Update A Part 1 of 3 ---------
- CVSS v3 8.1
--------- End Update A Part 1 of 3 ---------
- ATTENTION: Exploitable remotely
- Vendor: Siemens
- Equipment: SINAMICS Medium Voltage Products
- Vulnerability: Missing Authentication for Critical Function
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to gain full remote access to the HMI.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PR
CISA ICS
Siemens SIMATIC HMI Comfort Panels & SIMATIC HMI KTP Mobile Panels
cisa_ics·2021-02-02·CVSS 9.8
[CRITICAL] Siemens SIMATIC HMI Comfort Panels & SIMATIC HMI KTP Mobile Panels
ICS Advisory
## Siemens SIMATIC HMI Comfort Panels & SIMATIC HMI KTP Mobile Panels
Last Revised: February 02, 2021
Alert Code: ICSA-21-033-02
## 1. EXECUTIVE SUMMARY
- CVSS v3 8.1
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Siemens
- Equipment: SIMATIC HMI Comfort Panels, SIMATIC HMI KTP Mobile Panels
- Vulnerability: Missing Authentication for Critical Function
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow a remote attacker to gain full access to the device(s) if the Telnet service is enabled.
## 3. TECHNICAL DETAILS
## 3.1 AFFEC
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- https://cert-portal.siemens.com/productcert/pdf/ssa-520004.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-752103.pdf
- https://us-cert.cisa.gov/ics/advisories/icsa-21-033-02