CVE-2020-28397: A vulnerability has been identified in SIMATIC Drive Controller family (All versions V2 V2.5 V2.5 < V21.9), TIM 1531 IRC (incl. SIPLUS NET variants) (Version…

medium5.3CVSS 3.1

AVNACLPRNUINSUCLINAN

A vulnerability has been identified in SIMATIC Drive Controller family (All versions V2 V2.5 V2.5 < V21.9), TIM 1531 IRC (incl. SIPLUS NET variants) (Version V2.1). Due to an incorrect authorization check in the affected component, an attacker could extract information about access protected PLC program variables over port 102/tcp from an affected device when reading multiple attributes at once.

Affected

63 ranges· showing 25

Vendor	Product	Version range	Fixed in
siemens	cpu1510sp_f-1_firmware	>= 2.5 < 2.9.2	2.9.2
siemens	cpu_1211c_firmware	—	—
siemens	cpu_1212c_firmware	—	—
siemens	cpu_1212fc_firmware	—	—
siemens	cpu_1214c_firmware	—	—
siemens	cpu_1214fc_firmware	—	—
siemens	cpu_1215c_firmware	—	—
siemens	cpu_1215fc_firmware	—	—
siemens	cpu_1217c_firmware	—	—
siemens	cpu_1504d_tf_firmware	< 2.9.2	2.9.2
siemens	cpu_1507d_tf_firmware	< 2.9.2	2.9.2
siemens	cpu_1510sp-1pn_firmware	>= 2.5 < 2.9.2	2.9.2
siemens	cpu_1511-1pn_firmware	>= 2.5 < 2.9.2	2.9.2
siemens	cpu_1511c-1_pn_firmware	>= 2.5 < 2.9.2	2.9.2
siemens	cpu_1511f-1pn_firmware	>= 2.5 < 2.9.2	2.9.2
siemens	cpu_1511t-1pn_firmware	>= 2.5 < 2.9.2	2.9.2
siemens	cpu_1511tf-1pn_firmware	>= 2.5 < 2.9.2	2.9.2
siemens	cpu_1512c-1_pn_firmware	>= 2.5 < 2.9.2	2.9.2
siemens	cpu_1512sp-1_pn_firmware	>= 2.5 < 2.9.2	2.9.2
siemens	cpu_1512sp_f-1_pn_firmware	>= 2.5 < 2.9.2	2.9.2
siemens	cpu_1513-1_pn_firmware	>= 2.5 < 2.9.2	2.9.2
siemens	cpu_1513f-1_pn_firmware	>= 2.5 < 2.9.2	2.9.2
siemens	cpu_1513pro_f-2_pn_firmware	>= 2.5 < 2.9.2	2.9.2
siemens	cpu_1513r-1_pn_firmware	>= 2.5 < 2.9.2	2.9.2
siemens	cpu_1515-2_firmware	>= 2.5 < 2.9.2	2.9.2