CVE-2020-28397

moderate-risk
Published 2021-08-10

A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7 PLCSIM Advanced (All versions > V2 < V4), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (Version V4.4), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions > V2.5 < V2.9.2), SIMATIC S7-1500 Software Controller (All versions > V2.5 < V21.9), TIM 1531 IRC (incl. SIPLUS NET variants) (Version V2.1). Due to an incorrect authorization check in the affected component, an attacker could extract information about access protected PLC program variables over port 102/tcp from an affected device when reading multiple attributes at once.

Do I need to act?

0.18% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 5.3/10 Medium
NETWORK / LOW complexity

Affected Products (20)

Cpu 1504D Tf Firmware
Cpu 1507D Tf Firmware
Cpu 1515Sp Pc2 Tf Firmware
Simatic S7 Plcsim Advanced Firmware
Simatic S7-1500 Software Controller
Tim 1531 Irc Firmware
Cpu 1211C Firmware
Cpu 1212C Firmware
Cpu 1212Fc Firmware
Cpu 1214Fc Firmware
Cpu 1214C Firmware
Cpu 1215Fc Firmware
Cpu 1215C Firmware
Cpu 1217C Firmware
Siplus Cpu 1510Sp F-1Pn Firmware
Siplus Cpu 1511-1 Pn Firmware
Siplus Cpu 1511F-1 Pn Firmware
Siplus Cpu 1512Sp-1 Pn Firmware
Siplus Cpu 1512Sp F-1Pn Firmware
Siplus Cpu 1513-1 Pn Firmware

Affected Vendors

48 / 100
moderate-risk
Severity 21/34 · High
Exploitability 1/34 · Minimal
Exposure 26/34 · High