CVE-2020-28397

MEDIUM | CVSS 5.3/10 | EPSS 0.75%

CVE-2020-28397 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7 PLCSIM Advanced (All versions > V2 < V4), and further products listed in the Description below. EPSS estimates a 0.75% chance of exploitation in the next 30 days.

Description

A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7 PLCSIM Advanced (All versions > V2 < V4), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (Version V4.4), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions > V2.5 < V2.9.2), SIMATIC S7-1500 Software Controller (All versions > V2.5 < V21.9), TIM 1531 IRC (incl. SIPLUS NET variants) (Version V2.1). Due to an incorrect authorization check in the affected component, an attacker could extract information about access protected PLC program variables over port 102/tcp from an affected device when reading multiple attributes at once.

Metrics

CVSS 3.1
5.3/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS Probability
0.75%

50.3th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor | Product | Versions
Siemens | Cpu 1504d Tf Firmware | < 2.9.2
Siemens | Cpu 1507d Tf Firmware | < 2.9.2
Siemens | Cpu 1515sp Pc2 Tf Firmware | < 21.9
Siemens | Simatic S7 Plcsim Advanced Firmware | >= 2.0, < 4.0
Siemens | Simatic S7-1500 Software Controller | >= 2.5, < 21.9
Siemens | Tim 1531 Irc Firmware | 2.1
Siemens | Cpu 1211c Firmware | 4.4
Siemens | Cpu 1212c Firmware | 4.4
Siemens | Cpu 1212fc Firmware | 4.4
Siemens | Cpu 1214fc Firmware | 4.4
Siemens | Cpu 1214c Firmware | 4.4
Siemens | Cpu 1215fc Firmware | 4.4
Siemens | Cpu 1215c Firmware | 4.4
Siemens | Cpu 1217c Firmware | 4.4
Siemens | Siplus Cpu 1510sp F-1pn Firmware | >= 2.5, < 2.9.2
Siemens | Siplus Cpu 1511-1 Pn Firmware | >= 2.5, < 2.9.2
Siemens | Siplus Cpu 1511f-1 Pn Firmware | >= 2.5, < 2.9.2
Siemens | Siplus Cpu 1512sp-1 Pn Firmware | >= 2.5, < 2.9.2
Siemens | Siplus Cpu 1512sp F-1pn Firmware | >= 2.5, < 2.9.2
Siemens | Siplus Cpu 1513-1 Pn Firmware | >= 2.5, < 2.9.2
Siemens | Siplus Cpu 1513f-1 Pn Firmware | >= 2.5, < 2.9.2
Siemens | Siplus Cpu 1516-3 Pn/Dp Firmware | >= 2.5, < 2.9.2
Siemens | Siplus Cpu-1516f-3 Pn/Dp Firmware | >= 2.5, < 2.9.2
Siemens | Siplus Cpu 1518-4 Pn/Dp Firmware | >= 2.5, < 2.9.2
Siemens | Siplus Cpu 1518f-4 Pn/Dp Firmware | >= 2.5, < 2.9.2
Siemens | Cpu 1510sp-1pn Firmware | >= 2.5, < 2.9.2
Siemens | Cpu1510sp F-1 Firmware | >= 2.5, < 2.9.2
Siemens | Cpu 1511-1pn Firmware | >= 2.5, < 2.9.2
Siemens | Cpu 1511c-1 Pn Firmware | >= 2.5, < 2.9.2
Siemens | Cpu 1511f-1pn Firmware | >= 2.5, < 2.9.2
Siemens | Cpu 1511t-1pn Firmware | >= 2.5, < 2.9.2
Siemens | Cpu 1511tf-1pn Firmware | >= 2.5, < 2.9.2
Siemens | Cpu 1512c-1 Pn Firmware | >= 2.5, < 2.9.2
Siemens | Cpu 1512sp-1 Pn Firmware | >= 2.5, < 2.9.2
Siemens | Cpu 1512sp F-1 Pn Firmware | >= 2.5, < 2.9.2
Siemens | Cpu 1513-1 Pn Firmware | >= 2.5, < 2.9.2
Siemens | Cpu 1513f-1 Pn Firmware | >= 2.5, < 2.9.2
Siemens | Cpu 1513r-1 Pn Firmware | >= 2.5, < 2.9.2
Siemens | Cpu 1513pro F-2 Pn Firmware | >= 2.5, < 2.9.2
Siemens | Cpu 1515-2 Firmware | >= 2.5, < 2.9.2
Siemens | Cpu 1515f-2 Firmware | >= 2.5, < 2.9.2
Siemens | Cpu 1515r-2 Pn Firmware | >= 2.5, < 2.9.2
Siemens | Cpu 1515t-2 Pn Firmware | >= 2.5, < 2.9.2
Siemens | Cpu 1515tf-2 Pn Firmware | >= 2.5, < 2.9.2
Siemens | Cpu 1516pro F-2 Pn Firmware | >= 2.5, < 2.9.2
Siemens | Cpu 1516pro-2 Pn Firmware | >= 2.5, < 2.9.2
Siemens | Cpu 1516-3 Firmware | >= 2.5, < 2.9.2
Siemens | Cpu 1516f-3 Firmware | >= 2.5, < 2.9.2
Siemens | Cpu 1516t-3 Pn/Dp Firmware | >= 2.5, < 2.9.2
Siemens | Cpu 1516tf-3 Pn/Dp Firmware | >= 2.5, < 2.9.2

Showing 50 of 56 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2020-28397?
A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7 PLCSIM Advanced (All versions > V2 < V4), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (Version V4.4), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions > V2.5 < V2.9.2), SIMATIC S7-1500 Software Controller (All versions > V2.5 < V21.9), TIM 1531 IRC (incl. SIPLUS NET variants) (Version V2.1). Due to an incorrect authorization check in the affected component, an attacker could extract information about access protected PLC program variables over port 102/tcp from an affected device when reading multiple attributes at once.
How severe is CVE-2020-28397?
CVE-2020-28397 has a CVSS score of 5.3/10 (MEDIUM severity). The EPSS model estimates a 0.75% probability of exploitation in the next 30 days.
How do I fix CVE-2020-28397?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Source: NVD / NIST