Multiple vulnerabilities in Siemens Industrial Products Intel CPUs
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 12 |
| CVE-ID | CVE-2020-8670 CVE-2020-8703 CVE-2020-8704 CVE-2020-12357 CVE-2020-12358 CVE-2020-12360 CVE-2020-24486 CVE-2020-24506 CVE-2020-24507 CVE-2020-24511 CVE-2020-24512 CVE-2020-24513 |
| CWE-ID | CWE-362 CWE-119 CWE-665 CWE-125 CWE-20 CWE-200 CWE-203 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
SINUMERIK ONE PPU 1740 Hardware solutions / Firmware SINUMERIK ONE / SINUMERIK 840D sl Handheld Terminal HT 10 Hardware solutions / Firmware SINUMERIK MC MCU 1720 Hardware solutions / Firmware SINUMERIK 828D HW PPU.4 Hardware solutions / Firmware SIMATIC S7-1500 CPU 1518F-4 PN-DP MFP Hardware solutions / Firmware SIMATIC IPC527GE Hardware solutions / Firmware SIMATIC IPC477E Pro Hardware solutions / Firmware SIMATIC IPC127E Hardware solutions / Firmware SIMATIC Field PG M6 Hardware solutions / Firmware SIMATIC Field PG M5 Hardware solutions / Firmware SIMATIC Drive Controller Hardware solutions / Firmware SIMATIC S7-1500 CPU 1518-4 PN/DP MFP Hardware solutions / Firmware SIMATIC IPC847E Hardware solutions / Firmware SIMATIC IPC677E Hardware solutions / Firmware SIMATIC IPC647E Hardware solutions / Firmware SIMATIC IPC627E Hardware solutions / Firmware SIMATIC ET 200SP Open Controller CPU 1515SP PC2 Server applications / SCADA systems SIMATIC ITP1000 Server applications / SCADA systems SIMATIC IPC547G Server applications / SCADA systems SIMATIC IPC477E Server applications / SCADA systems SIMATIC IPC427E Server applications / SCADA systems |
| Vendor | Siemens |
Security Bulletin
This security bulletin contains information about 12 vulnerabilities.
1) Race condition
EUVDB-ID: #VU54162
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-8670
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition in the firmware . A local administrator can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSINUMERIK ONE PPU 1740: All versions
SINUMERIK ONE / SINUMERIK 840D sl Handheld Terminal HT 10: All versions
SINUMERIK MC MCU 1720: All versions
SINUMERIK 828D HW PPU.4: All versions
SIMATIC S7-1500 CPU 1518F-4 PN-DP MFP: All versions
SIMATIC IPC527GE: All versions
SIMATIC IPC477E Pro: All versions
SIMATIC IPC127E: All versions
SIMATIC Field PG M6: All versions
SIMATIC Field PG M5: All versions
SIMATIC Drive Controller: All versions
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP: All versions
SIMATIC ET 200SP Open Controller CPU 1515SP PC2: All versions
SIMATIC ITP1000: All versions
SIMATIC IPC547G: All versions
SIMATIC IPC477E: All versions
SIMATIC IPC427E: All versions
SIMATIC IPC847E: before 25.02.10
SIMATIC IPC677E: before 25.02.10
SIMATIC IPC647E: before 25.02.10
SIMATIC IPC627E: before 25.02.10
CPE2.3- cpe:2.3:h:siemens:sinumerik_one_ppu_1740:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:sinumerik_one_sinumerik_840d_sl_handheld_terminal_ht_10:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:sinumerik_mc_mcu_1720:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:sinumerik_828d_hw_ppu.4:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518f-4_pn-dp_mfp:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc527ge:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc477e_pro:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc127e:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_field_pg_m6:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_field_pg_m5:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_drive_controller:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_et_200sp_open_controller_cpu_1515sp_pc2:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_itp1000:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_ipc547g:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_ipc477e:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_ipc427e:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc847e:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc677e:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc647e:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc627e:*:*:*:*:*:*:*:*
https:
https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Buffer overflow
EUVDB-ID: #VU54198
Risk: Low
CVSSv4.0: 4.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-8703
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in a subsystem. A local administrator can trigger memory corruption and gain elevated privileges on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSINUMERIK ONE PPU 1740: All versions
SINUMERIK ONE / SINUMERIK 840D sl Handheld Terminal HT 10: All versions
SINUMERIK MC MCU 1720: All versions
SINUMERIK 828D HW PPU.4: All versions
SIMATIC S7-1500 CPU 1518F-4 PN-DP MFP: All versions
SIMATIC IPC527GE: All versions
SIMATIC IPC477E Pro: All versions
SIMATIC IPC127E: All versions
SIMATIC Field PG M6: All versions
SIMATIC Field PG M5: All versions
SIMATIC Drive Controller: All versions
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP: All versions
SIMATIC ET 200SP Open Controller CPU 1515SP PC2: All versions
SIMATIC ITP1000: All versions
SIMATIC IPC547G: All versions
SIMATIC IPC477E: All versions
SIMATIC IPC427E: All versions
SIMATIC IPC847E: before 25.02.10
SIMATIC IPC677E: before 25.02.10
SIMATIC IPC647E: before 25.02.10
SIMATIC IPC627E: before 25.02.10
CPE2.3- cpe:2.3:h:siemens:sinumerik_one_ppu_1740:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:sinumerik_one_sinumerik_840d_sl_handheld_terminal_ht_10:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:sinumerik_mc_mcu_1720:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:sinumerik_828d_hw_ppu.4:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518f-4_pn-dp_mfp:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc527ge:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc477e_pro:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc127e:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_field_pg_m6:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_field_pg_m5:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_drive_controller:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_et_200sp_open_controller_cpu_1515sp_pc2:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_itp1000:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_ipc547g:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_ipc477e:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_ipc427e:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc847e:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc677e:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc647e:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc627e:*:*:*:*:*:*:*:*
https:
https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Race condition
EUVDB-ID: #VU54195
Risk: Low
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-8704
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition in subsystem. A local administrator can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSINUMERIK ONE PPU 1740: All versions
SINUMERIK ONE / SINUMERIK 840D sl Handheld Terminal HT 10: All versions
SINUMERIK MC MCU 1720: All versions
SINUMERIK 828D HW PPU.4: All versions
SIMATIC S7-1500 CPU 1518F-4 PN-DP MFP: All versions
SIMATIC IPC527GE: All versions
SIMATIC IPC477E Pro: All versions
SIMATIC IPC127E: All versions
SIMATIC Field PG M6: All versions
SIMATIC Field PG M5: All versions
SIMATIC Drive Controller: All versions
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP: All versions
SIMATIC ET 200SP Open Controller CPU 1515SP PC2: All versions
SIMATIC ITP1000: All versions
SIMATIC IPC547G: All versions
SIMATIC IPC477E: All versions
SIMATIC IPC427E: All versions
SIMATIC IPC847E: before 25.02.10
SIMATIC IPC677E: before 25.02.10
SIMATIC IPC647E: before 25.02.10
SIMATIC IPC627E: before 25.02.10
CPE2.3- cpe:2.3:h:siemens:sinumerik_one_ppu_1740:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:sinumerik_one_sinumerik_840d_sl_handheld_terminal_ht_10:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:sinumerik_mc_mcu_1720:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:sinumerik_828d_hw_ppu.4:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518f-4_pn-dp_mfp:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc527ge:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc477e_pro:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc127e:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_field_pg_m6:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_field_pg_m5:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_drive_controller:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_et_200sp_open_controller_cpu_1515sp_pc2:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_itp1000:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_ipc547g:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_ipc477e:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_ipc427e:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc847e:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc677e:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc647e:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc627e:*:*:*:*:*:*:*:*
https:
https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper Initialization
EUVDB-ID: #VU54161
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-12357
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper initialization in the firmware. A local administrator can run a specially crafted application to execute arbitrary code with escalated privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSINUMERIK ONE PPU 1740: All versions
SINUMERIK ONE / SINUMERIK 840D sl Handheld Terminal HT 10: All versions
SINUMERIK MC MCU 1720: All versions
SINUMERIK 828D HW PPU.4: All versions
SIMATIC S7-1500 CPU 1518F-4 PN-DP MFP: All versions
SIMATIC IPC527GE: All versions
SIMATIC IPC477E Pro: All versions
SIMATIC IPC127E: All versions
SIMATIC Field PG M6: All versions
SIMATIC Field PG M5: All versions
SIMATIC Drive Controller: All versions
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP: All versions
SIMATIC ET 200SP Open Controller CPU 1515SP PC2: All versions
SIMATIC ITP1000: All versions
SIMATIC IPC547G: All versions
SIMATIC IPC477E: All versions
SIMATIC IPC427E: All versions
SIMATIC IPC847E: before 25.02.10
SIMATIC IPC677E: before 25.02.10
SIMATIC IPC647E: before 25.02.10
SIMATIC IPC627E: before 25.02.10
CPE2.3- cpe:2.3:h:siemens:sinumerik_one_ppu_1740:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:sinumerik_one_sinumerik_840d_sl_handheld_terminal_ht_10:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:sinumerik_mc_mcu_1720:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:sinumerik_828d_hw_ppu.4:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518f-4_pn-dp_mfp:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc527ge:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc477e_pro:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc127e:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_field_pg_m6:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_field_pg_m5:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_drive_controller:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_et_200sp_open_controller_cpu_1515sp_pc2:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_itp1000:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_ipc547g:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_ipc477e:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_ipc427e:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc847e:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc677e:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc647e:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc627e:*:*:*:*:*:*:*:*
https:
https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Buffer overflow
EUVDB-ID: #VU54165
Risk: Low
CVSSv4.0: 4.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-12358
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when in the firmware. A local administrator can trigger memory corruption and cause a denial of service condition on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSINUMERIK ONE PPU 1740: All versions
SINUMERIK ONE / SINUMERIK 840D sl Handheld Terminal HT 10: All versions
SINUMERIK MC MCU 1720: All versions
SINUMERIK 828D HW PPU.4: All versions
SIMATIC S7-1500 CPU 1518F-4 PN-DP MFP: All versions
SIMATIC IPC527GE: All versions
SIMATIC IPC477E Pro: All versions
SIMATIC IPC127E: All versions
SIMATIC Field PG M6: All versions
SIMATIC Field PG M5: All versions
SIMATIC Drive Controller: All versions
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP: All versions
SIMATIC ET 200SP Open Controller CPU 1515SP PC2: All versions
SIMATIC ITP1000: All versions
SIMATIC IPC547G: All versions
SIMATIC IPC477E: All versions
SIMATIC IPC427E: All versions
SIMATIC IPC847E: before 25.02.10
SIMATIC IPC677E: before 25.02.10
SIMATIC IPC647E: before 25.02.10
SIMATIC IPC627E: before 25.02.10
CPE2.3- cpe:2.3:h:siemens:sinumerik_one_ppu_1740:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:sinumerik_one_sinumerik_840d_sl_handheld_terminal_ht_10:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:sinumerik_mc_mcu_1720:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:sinumerik_828d_hw_ppu.4:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518f-4_pn-dp_mfp:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc527ge:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc477e_pro:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc127e:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_field_pg_m6:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_field_pg_m5:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_drive_controller:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_et_200sp_open_controller_cpu_1515sp_pc2:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_itp1000:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_ipc547g:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_ipc477e:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_ipc427e:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc847e:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc677e:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc647e:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc627e:*:*:*:*:*:*:*:*
https:
https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Out-of-bounds read
EUVDB-ID: #VU54167
Risk: Low
CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-12360
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in the firmware. A local user can trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSINUMERIK ONE PPU 1740: All versions
SINUMERIK ONE / SINUMERIK 840D sl Handheld Terminal HT 10: All versions
SINUMERIK MC MCU 1720: All versions
SINUMERIK 828D HW PPU.4: All versions
SIMATIC S7-1500 CPU 1518F-4 PN-DP MFP: All versions
SIMATIC IPC527GE: All versions
SIMATIC IPC477E Pro: All versions
SIMATIC IPC127E: All versions
SIMATIC Field PG M6: All versions
SIMATIC Field PG M5: All versions
SIMATIC Drive Controller: All versions
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP: All versions
SIMATIC ET 200SP Open Controller CPU 1515SP PC2: All versions
SIMATIC ITP1000: All versions
SIMATIC IPC547G: All versions
SIMATIC IPC477E: All versions
SIMATIC IPC427E: All versions
SIMATIC IPC847E: before 25.02.10
SIMATIC IPC677E: before 25.02.10
SIMATIC IPC647E: before 25.02.10
SIMATIC IPC627E: before 25.02.10
CPE2.3- cpe:2.3:h:siemens:sinumerik_one_ppu_1740:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:sinumerik_one_sinumerik_840d_sl_handheld_terminal_ht_10:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:sinumerik_mc_mcu_1720:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:sinumerik_828d_hw_ppu.4:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518f-4_pn-dp_mfp:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc527ge:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc477e_pro:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc127e:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_field_pg_m6:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_field_pg_m5:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_drive_controller:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_et_200sp_open_controller_cpu_1515sp_pc2:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_itp1000:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_ipc547g:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_ipc477e:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_ipc427e:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc847e:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc677e:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc647e:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc627e:*:*:*:*:*:*:*:*
https:
https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Input validation error
EUVDB-ID: #VU54168
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-24486
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the firmware. A local user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSINUMERIK ONE PPU 1740: All versions
SINUMERIK ONE / SINUMERIK 840D sl Handheld Terminal HT 10: All versions
SINUMERIK MC MCU 1720: All versions
SINUMERIK 828D HW PPU.4: All versions
SIMATIC S7-1500 CPU 1518F-4 PN-DP MFP: All versions
SIMATIC IPC527GE: All versions
SIMATIC IPC477E Pro: All versions
SIMATIC IPC127E: All versions
SIMATIC Field PG M6: All versions
SIMATIC Field PG M5: All versions
SIMATIC Drive Controller: All versions
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP: All versions
SIMATIC ET 200SP Open Controller CPU 1515SP PC2: All versions
SIMATIC ITP1000: All versions
SIMATIC IPC547G: All versions
SIMATIC IPC477E: All versions
SIMATIC IPC427E: All versions
SIMATIC IPC847E: before 25.02.10
SIMATIC IPC677E: before 25.02.10
SIMATIC IPC647E: before 25.02.10
SIMATIC IPC627E: before 25.02.10
CPE2.3- cpe:2.3:h:siemens:sinumerik_one_ppu_1740:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:sinumerik_one_sinumerik_840d_sl_handheld_terminal_ht_10:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:sinumerik_mc_mcu_1720:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:sinumerik_828d_hw_ppu.4:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518f-4_pn-dp_mfp:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc527ge:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc477e_pro:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc127e:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_field_pg_m6:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_field_pg_m5:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_drive_controller:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_et_200sp_open_controller_cpu_1515sp_pc2:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_itp1000:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_ipc547g:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_ipc477e:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_ipc427e:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc847e:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc677e:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc647e:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc627e:*:*:*:*:*:*:*:*
https:
https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Out-of-bounds read
EUVDB-ID: #VU54199
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-24506
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in a subsystem. A local administrator can trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSINUMERIK ONE PPU 1740: All versions
SINUMERIK ONE / SINUMERIK 840D sl Handheld Terminal HT 10: All versions
SINUMERIK MC MCU 1720: All versions
SINUMERIK 828D HW PPU.4: All versions
SIMATIC S7-1500 CPU 1518F-4 PN-DP MFP: All versions
SIMATIC IPC527GE: All versions
SIMATIC IPC477E Pro: All versions
SIMATIC IPC127E: All versions
SIMATIC Field PG M6: All versions
SIMATIC Field PG M5: All versions
SIMATIC Drive Controller: All versions
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP: All versions
SIMATIC ET 200SP Open Controller CPU 1515SP PC2: All versions
SIMATIC ITP1000: All versions
SIMATIC IPC547G: All versions
SIMATIC IPC477E: All versions
SIMATIC IPC427E: All versions
SIMATIC IPC847E: before 25.02.10
SIMATIC IPC677E: before 25.02.10
SIMATIC IPC647E: before 25.02.10
SIMATIC IPC627E: before 25.02.10
CPE2.3- cpe:2.3:h:siemens:sinumerik_one_ppu_1740:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:sinumerik_one_sinumerik_840d_sl_handheld_terminal_ht_10:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:sinumerik_mc_mcu_1720:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:sinumerik_828d_hw_ppu.4:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518f-4_pn-dp_mfp:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc527ge:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc477e_pro:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc127e:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_field_pg_m6:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_field_pg_m5:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_drive_controller:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_et_200sp_open_controller_cpu_1515sp_pc2:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_itp1000:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_ipc547g:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_ipc477e:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_ipc427e:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc847e:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc677e:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc647e:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc627e:*:*:*:*:*:*:*:*
https:
https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Information disclosure
EUVDB-ID: #VU54196
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-24507
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to improper initialization in a subsystem. A local administrator can gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSINUMERIK ONE PPU 1740: All versions
SINUMERIK ONE / SINUMERIK 840D sl Handheld Terminal HT 10: All versions
SINUMERIK MC MCU 1720: All versions
SINUMERIK 828D HW PPU.4: All versions
SIMATIC S7-1500 CPU 1518F-4 PN-DP MFP: All versions
SIMATIC IPC527GE: All versions
SIMATIC IPC477E Pro: All versions
SIMATIC IPC127E: All versions
SIMATIC Field PG M6: All versions
SIMATIC Field PG M5: All versions
SIMATIC Drive Controller: All versions
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP: All versions
SIMATIC ET 200SP Open Controller CPU 1515SP PC2: All versions
SIMATIC ITP1000: All versions
SIMATIC IPC547G: All versions
SIMATIC IPC477E: All versions
SIMATIC IPC427E: All versions
SIMATIC IPC847E: before 25.02.10
SIMATIC IPC677E: before 25.02.10
SIMATIC IPC647E: before 25.02.10
SIMATIC IPC627E: before 25.02.10
CPE2.3- cpe:2.3:h:siemens:sinumerik_one_ppu_1740:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:sinumerik_one_sinumerik_840d_sl_handheld_terminal_ht_10:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:sinumerik_mc_mcu_1720:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:sinumerik_828d_hw_ppu.4:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518f-4_pn-dp_mfp:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc527ge:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc477e_pro:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc127e:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_field_pg_m6:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_field_pg_m5:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_drive_controller:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_et_200sp_open_controller_cpu_1515sp_pc2:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_itp1000:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_ipc547g:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_ipc477e:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_ipc427e:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc847e:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc677e:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc647e:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc627e:*:*:*:*:*:*:*:*
https:
https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Information disclosure
EUVDB-ID: #VU54203
Risk: Low
CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-24511
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to improper isolation of shared resources. A local user can gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSINUMERIK ONE PPU 1740: All versions
SINUMERIK ONE / SINUMERIK 840D sl Handheld Terminal HT 10: All versions
SINUMERIK MC MCU 1720: All versions
SINUMERIK 828D HW PPU.4: All versions
SIMATIC S7-1500 CPU 1518F-4 PN-DP MFP: All versions
SIMATIC IPC527GE: All versions
SIMATIC IPC477E Pro: All versions
SIMATIC IPC127E: All versions
SIMATIC Field PG M6: All versions
SIMATIC Field PG M5: All versions
SIMATIC Drive Controller: All versions
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP: All versions
SIMATIC ET 200SP Open Controller CPU 1515SP PC2: All versions
SIMATIC ITP1000: All versions
SIMATIC IPC547G: All versions
SIMATIC IPC477E: All versions
SIMATIC IPC427E: All versions
SIMATIC IPC847E: before 25.02.10
SIMATIC IPC677E: before 25.02.10
SIMATIC IPC647E: before 25.02.10
SIMATIC IPC627E: before 25.02.10
CPE2.3- cpe:2.3:h:siemens:sinumerik_one_ppu_1740:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:sinumerik_one_sinumerik_840d_sl_handheld_terminal_ht_10:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:sinumerik_mc_mcu_1720:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:sinumerik_828d_hw_ppu.4:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518f-4_pn-dp_mfp:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc527ge:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc477e_pro:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc127e:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_field_pg_m6:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_field_pg_m5:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_drive_controller:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_et_200sp_open_controller_cpu_1515sp_pc2:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_itp1000:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_ipc547g:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_ipc477e:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_ipc427e:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc847e:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc677e:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc647e:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc627e:*:*:*:*:*:*:*:*
https:
https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Observable discrepancy
EUVDB-ID: #VU54204
Risk: Low
CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-24512
CWE-ID:
CWE-203 - Observable discrepancy
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to observable timing discrepancy. A local user can gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSINUMERIK ONE PPU 1740: All versions
SINUMERIK ONE / SINUMERIK 840D sl Handheld Terminal HT 10: All versions
SINUMERIK MC MCU 1720: All versions
SINUMERIK 828D HW PPU.4: All versions
SIMATIC S7-1500 CPU 1518F-4 PN-DP MFP: All versions
SIMATIC IPC527GE: All versions
SIMATIC IPC477E Pro: All versions
SIMATIC IPC127E: All versions
SIMATIC Field PG M6: All versions
SIMATIC Field PG M5: All versions
SIMATIC Drive Controller: All versions
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP: All versions
SIMATIC ET 200SP Open Controller CPU 1515SP PC2: All versions
SIMATIC ITP1000: All versions
SIMATIC IPC547G: All versions
SIMATIC IPC477E: All versions
SIMATIC IPC427E: All versions
SIMATIC IPC847E: before 25.02.10
SIMATIC IPC677E: before 25.02.10
SIMATIC IPC647E: before 25.02.10
SIMATIC IPC627E: before 25.02.10
CPE2.3- cpe:2.3:h:siemens:sinumerik_one_ppu_1740:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:sinumerik_one_sinumerik_840d_sl_handheld_terminal_ht_10:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:sinumerik_mc_mcu_1720:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:sinumerik_828d_hw_ppu.4:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518f-4_pn-dp_mfp:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc527ge:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc477e_pro:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc127e:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_field_pg_m6:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_field_pg_m5:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_drive_controller:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_et_200sp_open_controller_cpu_1515sp_pc2:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_itp1000:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_ipc547g:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_ipc477e:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_ipc427e:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc847e:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc677e:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc647e:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc627e:*:*:*:*:*:*:*:*
https:
https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Information disclosure
EUVDB-ID: #VU54220
Risk: Low
CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-24513
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user o gain access to potentially sensitive information.
The vulnerability exists due to domain-bypass transient execution issue. A local user can gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSINUMERIK ONE PPU 1740: All versions
SINUMERIK ONE / SINUMERIK 840D sl Handheld Terminal HT 10: All versions
SINUMERIK MC MCU 1720: All versions
SINUMERIK 828D HW PPU.4: All versions
SIMATIC S7-1500 CPU 1518F-4 PN-DP MFP: All versions
SIMATIC IPC527GE: All versions
SIMATIC IPC477E Pro: All versions
SIMATIC IPC127E: All versions
SIMATIC Field PG M6: All versions
SIMATIC Field PG M5: All versions
SIMATIC Drive Controller: All versions
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP: All versions
SIMATIC ET 200SP Open Controller CPU 1515SP PC2: All versions
SIMATIC ITP1000: All versions
SIMATIC IPC547G: All versions
SIMATIC IPC477E: All versions
SIMATIC IPC427E: All versions
SIMATIC IPC847E: before 25.02.10
SIMATIC IPC677E: before 25.02.10
SIMATIC IPC647E: before 25.02.10
SIMATIC IPC627E: before 25.02.10
CPE2.3- cpe:2.3:h:siemens:sinumerik_one_ppu_1740:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:sinumerik_one_sinumerik_840d_sl_handheld_terminal_ht_10:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:sinumerik_mc_mcu_1720:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:sinumerik_828d_hw_ppu.4:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518f-4_pn-dp_mfp:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc527ge:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc477e_pro:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc127e:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_field_pg_m6:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_field_pg_m5:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_drive_controller:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_et_200sp_open_controller_cpu_1515sp_pc2:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_itp1000:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_ipc547g:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_ipc477e:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_ipc427e:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc847e:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc677e:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc647e:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_ipc627e:*:*:*:*:*:*:*:*
https:
https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
