Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-15786

Опубликовано: 09 сент. 2020
Источник: nvd
CVSS3: 9.8
CVSS2: 5
EPSS Низкий

Описание

A vulnerability has been identified in SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions < V16), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions <= V16), SIMATIC HMI Mobile Panels (All versions <= V16), SIMATIC HMI Unified Comfort Panels (All versions <= V16). Affected devices insufficiently block excessive authentication attempts. This could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:siemens:simatic_hmi_basic_panels_2nd_generation_firmware:*:*:*:*:*:*:*:*
Версия до 14 (включая)
cpe:2.3:h:siemens:simatic_hmi_basic_panels_2nd_generation:-:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

cpe:2.3:o:siemens:simatic_hmi_comfort_panels_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_hmi_comfort_panels:-:*:*:*:*:*:*:*
Конфигурация 3

Одновременно

cpe:2.3:o:siemens:simatic_hmi_mobile_panels_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_hmi_mobile_panels:-:*:*:*:*:*:*:*
Конфигурация 4

Одновременно

cpe:2.3:o:siemens:simatic_hmi_united_comfort_panels_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_hmi_united_comfort_panels:-:*:*:*:*:*:*:*

EPSS

Процентиль: 62%
0.00422
Низкий

9.8 Critical

CVSS3

5 Medium

CVSS2

Дефекты

CWE-307
CWE-307

Связанные уязвимости

github логотип

GHSA-9hp3-3v8x-gvhx

github
больше 3 лет назад

A vulnerability has been identified in SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions >= 14 and V < XX), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC HMI Mobile Panels (All versions), SIMATIC HMI United Comfort Panels (All versions). Affected devices insufficiently block excessive authentication attempts. This could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack.

EPSS

Процентиль: 62%
0.00422
Низкий

9.8 Critical

CVSS3

5 Medium

CVSS2

Дефекты

CWE-307
CWE-307