Sign-up

ID

VAR-202009-1678


TITLE

A binary vulnerability exists in Siemens PLC of Siemens (China) Co., Ltd.

Trust: 0.6

sources: CNVD: CNVD-2020-49281

DESCRIPTION

Siemens is a global technology company that provides customers with solutions in the fields of power generation and transmission and distribution, infrastructure, industrial automation, drives and software by virtue of innovations in the fields of electrification, automation and digitalization. The Siemens PLC of Siemens (China) Co., Ltd. has a binary vulnerability. Attackers can use the vulnerability to use malicious code to pass the security verification of the PLC, thereby completely controlling the PLC device.

Trust: 0.6

sources: CNVD: CNVD-2020-49281

IOT TAXONOMY

category:['IoT', 'ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-49281

AFFECTED PRODUCTS

vendor:siemensmodel:plc >=s7scope:eqversion:12004.4

Trust: 0.6

sources: CNVD: CNVD-2020-49281

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2020-49281
value: HIGH

Trust: 0.6

CNVD: CNVD-2020-49281
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2020-49281

PATCH

title:The Siemens PLC1200 S7CommPlus protocol has a binary vulnerabilityurl:https://www.cnvd.org.cn/patchinfo/show/227355

Trust: 0.6

sources: CNVD: CNVD-2020-49281

EXTERNAL IDS

db:CNVDid:CNVD-2020-49281

Trust: 0.6

sources: CNVD: CNVD-2020-49281

SOURCES

db:CNVDid:CNVD-2020-49281

LAST UPDATE DATE

2022-05-04T09:15:43.397000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-49281date:2020-08-28T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-49281date:2020-09-07T00:00:00