CVE-2020-15786
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability has been identified in SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions < V16), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions <= V16), SIMATIC HMI Mobile Panels (All versions <= V16), SIMATIC HMI Unified Comfort Panels (All versions <= V16). Affected devices insufficiently block excessive authentication attempts. This could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Siemens | SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) | All versions < V16 | affected |
| Siemens | SIMATIC HMI Comfort Panels (incl. SIPLUS variants) | All versions <= V16 | affected |
| Siemens | SIMATIC HMI Mobile Panels | All versions <= V16 | affected |
| Siemens | SIMATIC HMI Unified Comfort Panels | All versions <= V16 | affected |
Weaknesses
- CWE-307: CWE-307: Improper Restriction of Excessive Authentication Attempts
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.