CVE-2020-15798 — Missing Authentication for Critical Function in Siemens Simatic HMI Comfort Panels Firmware

CWE-306 — Missing Authentication for Critical Function3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

1.7%

top 17.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Simatic HMI Comfort Panels Firmware Siemens Simatic HMI KTP Mobile Panels Firmware Siemens Simatic HMI Comfort Panels +9 more

Timeline

PublishedFeb 9

Latest updateMay 24

Description

A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions < V16 Update 3a), SIMATIC HMI KTP Mobile Panels (All versions < V16 Update 3a), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). Affected devices with enabled t…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages12 packages

▶CVEListV5siemens/sinamics_sm150iAll versions

▶CVEListV5siemens/sinamics_gh150All versions

▶CVEListV5siemens/sinamics_gl150All versions

▶CVEListV5siemens/sinamics_gm150All versions

▶CVEListV5siemens/sinamics_sh150All versions

Patches

Patch: cert-portal.siemens.com ↗Patch: cert-portal.siemens.com ↗

🔴Vulnerability Details

GHSA

GHSA-p3v5-8v5r-qgp2: A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl↗2022-05-24

▶

CVEList

CVE-2020-15798: A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl↗2021-02-09

▶