Details of VAR-202105-0073

ID

VAR-202105-0073

CVE

CVE-2020-15782

TITLE

Buffer error vulnerability in multiple Siemens products

Trust: 0.8

sources: JVNDB: JVNDB-2021-007649

DESCRIPTION

A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions < V21.9), SIMATIC S7-PLCSIM Advanced (All versions < V4.0), SINAMICS PERFECT HARMONY GH180 Drives (Drives manufactured before 2021-08-13), SINUMERIK MC (All versions < V6.15), SINUMERIK ONE (All versions < V6.15). Affected devices are vulnerable to a memory protection bypass through a specific operation. A remote unauthenticated attacker with network access to port 102/tcp could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks. Multiple Siemens products contain a buffer error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens SIMATIC S7-1200 and S7-1500 CPU series products are designed for discrete and continuous control in industrial environments, such as global manufacturing, food and beverage, and chemical industries. The Siemens SIMATIC S7-1200 and S7-1500 CPU series have security vulnerabilities. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.79

sources: NVD: CVE-2020-15782 // JVNDB: JVNDB-2021-007649 // CNVD: CNVD-2021-37944 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2020-15782

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-37944

AFFECTED PRODUCTS

vendor:	siemens	model:	s7-1200 cpu	scope:	lt	version:	4.5.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 software controller	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	s7-1500 cpu	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	simatic s7-plcsim advanced	scope:	lt	version:	4.0	Trust: 1.0
vendor:	siemens	model:	simatic driver controller	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	et 200sp open controller	scope:	eq	version:	*	Trust: 1.0
vendor:	シーメンス	model:	simatic s7-1200 cpu	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic s7-plcsim advanced	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic s7-1500 cpu	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic driver controller	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic s7-1500 software controller	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic et 200sp open controller	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic drive controller family	scope:	lt	version:	v2.9.2	Trust: 0.6
vendor:	siemens	model:	simatic s7-1500 software controller	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	simatic s7-plcsim advanced	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	simatic s7-1500 cpu family	scope:	lt	version:	v2.9.2	Trust: 0.6
vendor:	siemens	model:	simatic s7-1200 cpu family	scope:	lt	version:	v4.5.0	Trust: 0.6
vendor:	siemens	model:	simatic et 200sp open controller cpu 1515sp pc	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	simatic et 200sp open controller cpu 1515sp pc2	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2021-37944 // JVNDB: JVNDB-2021-007649 // NVD: CVE-2020-15782

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-15782
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2020-15782
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2021-37944
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202105-1957
value:	CRITICAL
Trust: 0.6
VULMON:	CVE-2020-15782
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-15782
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2021-37944
severity:	HIGH
baseScore:	7.6
vectorString:	AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	4.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-15782
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-15782
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-37944 // VULMON: CVE-2020-15782 // JVNDB: JVNDB-2021-007649 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1957 // NVD: CVE-2020-15782

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.0
problemtype:	Buffer error (CWE-119) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-007649 // NVD: CVE-2020-15782

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202105-1957

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:	SSA-434536	url:	https://cert-portal.siemens.com/productcert/pdf/ssa-434534.pdf	Trust: 0.8
title:	Patch for Siemens SIMATIC S7-1200 and S7-1500 CPU series memory protection bypass vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/269101	Trust: 0.6
title:	Siemens SIMATIC Repair measures for buffer errors and vulnerabilities in many products	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=153864	Trust: 0.6
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=7584f4eb43b539d25d824fb015a2cf5a	Trust: 0.1
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=a901d703a0d80e4b3488817a077f83d4	Trust: 0.1
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=616f1ddfa275fcc72669b5a7b8153f51	Trust: 0.1

sources: CNVD: CNVD-2021-37944 // VULMON: CVE-2020-15782 // JVNDB: JVNDB-2021-007649 // CNNVD: CNNVD-202105-1957

EXTERNAL IDS

db:	NVD	id:	CVE-2020-15782	Trust: 3.9
db:	SIEMENS	id:	SSA-434534	Trust: 2.3
db:	SIEMENS	id:	SSA-434535	Trust: 1.7
db:	SIEMENS	id:	SSA-434536	Trust: 1.7
db:	JVN	id:	JVNVU97192309	Trust: 0.8
db:	ICS CERT	id:	ICSA-25-182-01	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-007649	Trust: 0.8
db:	CNVD	id:	CNVD-2021-37944	Trust: 0.6
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	ICS CERT	id:	ICSA-21-152-01	Trust: 0.6
db:	ICS CERT	id:	ICSA-21-194-17	Trust: 0.6
db:	CS-HELP	id:	SB2021071418	Trust: 0.6
db:	CS-HELP	id:	SB2021053102	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1900	Trust: 0.6
db:	CNNVD	id:	CNNVD-202105-1957	Trust: 0.6
db:	VULMON	id:	CVE-2020-15782	Trust: 0.1

sources: CNVD: CNVD-2021-37944 // VULMON: CVE-2020-15782 // JVNDB: JVNDB-2021-007649 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1957 // NVD: CVE-2020-15782

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-434534.pdf	Trust: 2.3
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-434536.pdf	Trust: 1.7
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-434535.pdf	Trust: 1.7
url:	https://jvn.jp/vu/jvnvu97192309/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15782	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-25-182-01	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-152-01	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021071418	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021053102	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-194-17	Trust: 0.6
url:	https://vigilance.fr/vulnerability/simatic-read-write-access-via-memory-protection-bypass-35564	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1900	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://cert-portal.siemens.com/productcert/txt/ssa-434534.txt	Trust: 0.1

sources: CNVD: CNVD-2021-37944 // VULMON: CVE-2020-15782 // JVNDB: JVNDB-2021-007649 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1957 // NVD: CVE-2020-15782

CREDITS

Tal Keren from Claroty reported this vulnerability to Siemens.

Trust: 0.6

sources: CNNVD: CNNVD-202105-1957

SOURCES

db:	CNVD	id:	CNVD-2021-37944
db:	VULMON	id:	CVE-2020-15782
db:	JVNDB	id:	JVNDB-2021-007649
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202105-1957
db:	NVD	id:	CVE-2020-15782

LAST UPDATE DATE

2025-07-04T22:23:33.242000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-37944	date:	2021-05-31T00:00:00
db:	VULMON	id:	CVE-2020-15782	date:	2021-07-13T00:00:00
db:	JVNDB	id:	JVNDB-2021-007649	date:	2025-07-03T05:50:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202105-1957	date:	2021-09-15T00:00:00
db:	NVD	id:	CVE-2020-15782	date:	2021-09-14T11:15:16.220

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-37944	date:	2021-05-31T00:00:00
db:	VULMON	id:	CVE-2020-15782	date:	2021-05-28T00:00:00
db:	JVNDB	id:	JVNDB-2021-007649	date:	2022-02-18T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202105-1957	date:	2021-05-28T00:00:00
db:	NVD	id:	CVE-2020-15782	date:	2021-05-28T16:15:07.790