CVE-2020-15787

Опубликовано: 09 сент. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 5

EPSS Низкий

Описание

A vulnerability has been identified in SIMATIC HMI Unified Comfort Panels (All versions <= V16). Affected devices insufficiently validate authentication attempts as the information given can be truncated to match only a set number of characters versus the whole provided string. This could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack.

Ссылки

https://cert-portal.siemens.com/productcert/pdf/ssa-542525.pdf
Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-542525.pdf
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:siemens:simatic_hmi_united_comfort_panels_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_hmi_united_comfort_panels:-:*:*:*:*:*:*:*

EPSS

Процентиль: 62%

0.00422

Низкий

9.8 Critical

CVSS3

5 Medium

CVSS2

Дефекты

CWE-305

CWE-287

Связанные уязвимости

GHSA-625f-424x-6j4w

github

больше 3 лет назад

A vulnerability has been identified in SIMATIC HMI United Comfort Panels (All versions). Affected devices insufficiently validate authentication attempts as the information given can be truncated to match only a set number of characters versus the whole provided string. This could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack.