CVE-2020-7592

Summary

A vulnerability has been identified in SIMATIC HMI Basic Panels 1st Generation (incl. SIPLUS variants) (All versions), SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC HMI KTP700F Mobile Arctic (All versions), SIMATIC HMI Mobile Panels 2nd Generation (All versions), SIMATIC WinCC Runtime Advanced (All versions). Unencrypted communication between the configuration software and the respective device could allow an attacker to capture potential plain text communication and have access to sensitive information.

Affected Software

VendorProductVersion RangeStatus
Siemens AGSIMATIC HMI Basic Panels 1st Generation (incl. SIPLUS variants)All versionsaffected
Siemens AGSIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants)All versionsaffected
Siemens AGSIMATIC HMI Comfort Panels (incl. SIPLUS variants)All versionsaffected
Siemens AGSIMATIC HMI KTP700F Mobile ArcticAll versionsaffected
Siemens AGSIMATIC HMI Mobile Panels 2nd GenerationAll versionsaffected
Siemens AGSIMATIC WinCC Runtime AdvancedAll versionsaffected

Weaknesses

  • CWE-319: CWE-319: Cleartext Transmission of Sensitive Information

ADP Enrichment

CVE Program Container

Additional References

References