CVE-2020-15783

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC TDC CPU555 (All versions), SINUMERIK 840D sl (All versions). Sending multiple specially crafted packets to the affected devices could cause a Denial-of-Service on port 102. A cold restart is required to recover the service.

References

https://cert-portal.siemens.com/productcert/pdf/ssa-492828.pdf

Details

Source: MITRE

Published: 2020-11-12

Updated: 2021-12-10

Type: CWE-400

Risk Information

CVSS v2

Base Score: 7.8

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 10

Severity: HIGH

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

AND

OR

cpe:2.3:o:siemens:sinumerik_840d_sl_firmware:*:*:*:*:*:*:*:*

OR

cpe:2.3:h:siemens:sinumerik_840d_sl:-:*:*:*:*:*:*:*

Configuration 2

AND

OR

cpe:2.3:o:siemens:simatic_s7-300_cpu_312_firmware:*:*:*:*:*:*:*:*

OR

cpe:2.3:h:siemens:simatic_s7-300_cpu_312:-:*:*:*:*:*:*:*

Configuration 3

AND

OR

cpe:2.3:o:siemens:simatic_s7-300_cpu_314_firmware:*:*:*:*:*:*:*:*

OR

cpe:2.3:h:siemens:simatic_s7-300_cpu_314:-:*:*:*:*:*:*:*

Configuration 4

AND

OR

cpe:2.3:o:siemens:simatic_s7-300_cpu_315-2_dp_firmware:*:*:*:*:*:*:*:*

OR

cpe:2.3:h:siemens:simatic_s7-300_cpu_315-2_dp:-:*:*:*:*:*:*:*

Configuration 5

AND

OR

cpe:2.3:o:siemens:simatic_s7-300_cpu_315-2_pn_firmware:*:*:*:*:*:*:*:*

OR

cpe:2.3:h:siemens:simatic_s7-300_cpu_315-2_pn:-:*:*:*:*:*:*:*

Configuration 6

AND

OR

cpe:2.3:o:siemens:simatic_s7-300_cpu_317-2_pn_firmware:*:*:*:*:*:*:*:*

OR

cpe:2.3:h:siemens:simatic_s7-300_cpu_317-2_pn:-:*:*:*:*:*:*:*

Configuration 7

AND

OR

cpe:2.3:o:siemens:simatic_s7-300_cpu_317-2_dp_firmware:*:*:*:*:*:*:*:*

OR

cpe:2.3:h:siemens:simatic_s7-300_cpu_317-2_dp:-:*:*:*:*:*:*:*

Configuration 8

AND

OR

cpe:2.3:o:siemens:simatic_s7-300_cpu_315f-2_dp_firmware:*:*:*:*:*:*:*:*

OR

cpe:2.3:h:siemens:simatic_s7-300_cpu_315f-2_dp:-:*:*:*:*:*:*:*

Configuration 9

AND

OR

cpe:2.3:o:siemens:simatic_s7-300_cpu_315f-2_pn_firmware:*:*:*:*:*:*:*:*

OR

cpe:2.3:h:siemens:simatic_s7-300_cpu_315f-2_pn:-:*:*:*:*:*:*:*

Configuration 10

AND

OR

cpe:2.3:o:siemens:simatic_s7-300_cpu_317f-2_pn_firmware:*:*:*:*:*:*:*:*

OR

cpe:2.3:h:siemens:simatic_s7-300_cpu_317f-2_pn:-:*:*:*:*:*:*:*

Configuration 11

AND

OR

cpe:2.3:o:siemens:simatic_s7-300_cpu_317f-2_dp_firmware:*:*:*:*:*:*:*:*

OR

cpe:2.3:h:siemens:simatic_s7-300_cpu_317f-2_dp:-:*:*:*:*:*:*:*

Configuration 12

AND

OR

cpe:2.3:o:siemens:simatic_tdc_cpu555_firmware:*:*:*:*:*:*:*:*

OR

cpe:2.3:h:siemens:simatic_tdc_cpu555:-:*:*:*:*:*:*:*

Tenable Plugins

View all (1 total)

IDNameProductFamilySeverity
500462Siemens Sinumerik Uncontrolled Resource ConsumptionTenable.otSCADA
high