9.8
CRITICAL
CVE-2020-15782
"Siemens Industrial Control System Memory Protection Bypass Vulnerability"
Description

A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions < V21.9), SIMATIC S7-PLCSIM Advanced (All versions < V4.0), SINAMICS PERFECT HARMONY GH180 Drives (Drives manufactured before 2021-08-13), SINUMERIK MC (All versions < V6.15), SINUMERIK ONE (All versions < V6.15). Affected devices are vulnerable to a memory protection bypass through a specific operation. A remote unauthenticated attacker with network access to port 102/tcp could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks.

INFO

Published Date: May 28, 2021, 4:15 p.m.
Last Modified: Sept. 14, 2021, 11:15 a.m.
Remotely Exploitable: Yes
Impact Score: 5.9
Exploitability Score: 3.9
Public PoC/Exploit Available at Github

CVE-2020-15782 has 1 public PoC/exploit available on GitHub.

Affected Products

The following products are affected by the CVE-2020-15782 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, that information is not represented in the table below.

ID Vendor Product
1 Siemens simatic_s7-1500_software_controller_firmware
2 Siemens simatic_s7-plcsim_advanced_firmware
3 Siemens simatic_s7-plcsim_advanced
4 Siemens sinumerik_one_firmware
5 Siemens simatic_driver_controller_firmware
6 Siemens s7-1200_cpu_firmware
7 Siemens s7-1500_cpu_firmware
8 Siemens simatic_s7-1500__software_controller
9 Siemens et_200sp_open_controller_firmware
10 Siemens sinumerik_mc_firmware
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2020-15782.

URL Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-434534.pdf Patch Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-434535.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-434536.pdf

We scan GitHub repositories to detect new proof-of-concept exploits. The following list is a collection of public exploits and proofs of concept that have been published on GitHub (sorted by most recently updated).

Siemens SIMATIC vulnerabilities

Updated: 2 months, 4 weeks ago
16 stars, 5 forks, 5 watchers
Created: Feb. 10, 2022, 7:59 a.m. This repo has also been linked to 7 different CVEs.

The following table lists the changes that have been made to the CVE-2020-15782 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • CVE Modified by [email protected]

    Sep. 14, 2021

    Action Type Old Value New Value
    Changed Description
      Old Value: A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions < V4.0), SINAMICS PERFECT HARMONY GH180 Drives (All versions), SINUMERIK MC (All versions), SINUMERIK ONE (All versions). Affected devices are vulnerable to a memory protection bypass through a specific operation. A remote unauthenticated attacker with network access to port 102/tcp could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks.
      New Value: A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions < V21.9), SIMATIC S7-PLCSIM Advanced (All versions < V4.0), SINAMICS PERFECT HARMONY GH180 Drives (Drives manufactured before 2021-08-13), SINUMERIK MC (All versions < V6.15), SINUMERIK ONE (All versions < V6.15). Affected devices are vulnerable to a memory protection bypass through a specific operation. A remote unauthenticated attacker with network access to port 102/tcp could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks.
  • CVE Modified by [email protected]

    Jul. 13, 2021

    Action Type Old Value New Value
    Changed Description
      Old Value: A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions < V4.0), SINAMICS PERFECT HARMONY GH180 Drives (All versions), SINUMERIK MC (All versions), SINUMERIK ONE (All versions). Affected devices are vulnerable to a memory protection bypass through a specific operation. A remote unauthenticated attacker with network access to port 102/tcp could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks.
      New Value: A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions < V4.0), SINAMICS PERFECT HARMONY GH180 Drives (All versions), SINUMERIK MC (All versions), SINUMERIK ONE (All versions). Affected devices are vulnerable to a memory protection bypass through a specific operation. A remote unauthenticated attacker with network access to port 102/tcp could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks.
  • CVE Modified by [email protected]

    Jul. 13, 2021

    Action Type Old Value New Value
    Changed Description
      Old Value: A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions < V4.0). Affected devices are vulnerable to a memory protection bypass through a specific operation. A remote unauthenticated attacker with network access to port 102/tcp could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks.
      New Value: A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions < V4.0), SINAMICS PERFECT HARMONY GH180 Drives (All versions), SINUMERIK MC (All versions), SINUMERIK ONE (All versions). Affected devices are vulnerable to a memory protection bypass through a specific operation. A remote unauthenticated attacker with network access to port 102/tcp could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks.
    Added Reference https://cert-portal.siemens.com/productcert/pdf/ssa-434536.pdf [No Types Assigned]
    Added Reference https://cert-portal.siemens.com/productcert/pdf/ssa-434535.pdf [No Types Assigned]
  • Initial Analysis by [email protected]

    Jun. 10, 2021

    Action Type Old Value New Value
    Added CVSS V2 NIST (AV:N/AC:L/Au:N/C:P/I:P/A:P)
    Added CVSS V3.1 NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type
      Old Value: https://cert-portal.siemens.com/productcert/pdf/ssa-434534.pdf No Types Assigned
      New Value: https://cert-portal.siemens.com/productcert/pdf/ssa-434534.pdf Patch, Vendor Advisory
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:simatic_driver_controller_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 2.9.2 OR cpe:2.3:h:siemens:cpu_1504d_tf:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:cpu_1507d_tf:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:s7-1200_cpu_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5.0 OR cpe:2.3:h:siemens:cpu_1211c:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:cpu_1212c:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:cpu_1212fc:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:cpu_1214c:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:cpu_1214fc:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:cpu_1215c:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:cpu_1215fc:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:cpu_1217c:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:s7-1500_cpu_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 2.9.2 OR cpe:2.3:h:siemens:6es7510-1dj01-0ab0:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:6es7510-1sj01-0ab0:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:6es7511-1ak01-0ab0:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:6es7511-1ak02-0ab0:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:6es7511-1ck00-0ab0:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:6es7511-1ck01-0ab0:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:6es7511-1fk01-0ab0:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:6es7511-1fk02-0ab0:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:6es7511-1tk01-0ab0:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:6es7511-1uk01-0ab0:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:6es7512-1ck00-0ab0:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:6es7512-1ck01-0ab0:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:6es7512-1dk01-0ab0:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:6es7512-1sk01-0ab0:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:6es7513-1al01-0ab0:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:6es7513-1al02-0ab0:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:6es7513-1fl01-0ab0:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:6es7513-1fl02-0ab0:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:6es7513-1rl00-0ab0:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:6es7513-2gl00-0ab0:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:6es7513-2pl00-0ab0:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:6es7515-2am01-0ab0:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:6es7515-2am02-0ab0:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:6es7515-2fm01-0ab0:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:6es7515-2fm02-0ab0:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:6es7515-2rm00-0ab0:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:6es7515-2tm01-0ab0:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:6es7515-2um01-0ab0:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:6es7516-2gn00-0ab0:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:6es7516-2pn00-0ab0:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:6es7516-3an01-0ab0:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:6es7516-3an02-0ab0:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:6es7516-3fn01-0ab0:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:6es7516-3fn02-0ab0:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:6es7516-3tn00-0ab0:-:*:*:*:*:*:*:* 
cpe:2.3:h:siemens:6es7516-3un00-0ab0:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:6es7517-3ap00-0ab0:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:6es7517-3fp00-0ab0:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:6es7517-3hp00-0ab0:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:6es7517-3tp00-0ab0:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:6es7517-3up00-0ab0:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:6es7518-4ap00-0ab0:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:6es7518-4ap00-3ab0:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:6es7518-4fp00-0ab0:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:6es7518-4fp00-3ab0:-:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:a:siemens:simatic_s7-1500__software_controller:*:*:*:*:*:*:*:* *cpe:2.3:a:siemens:simatic_s7-plcsim_advanced:*:*:*:*:*:*:*:* versions up to (excluding) 4.0
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:et_200sp_open_controller_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:siemens:cpu_1515sp_pc:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:cpu_1515sp_pc2:-:*:*:*:*:*:*:*
  • CVE Modified by [email protected]

    May. 28, 2021

    Action Type Old Value New Value
    Changed Description
      Old Value: A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions < V4.0). Affected devices are vulnerable to a memory protection bypass through a specific operation. A remote unauthenticated attacker with network access to port 102/tcp could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks.
      New Value: A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions < V4.0). Affected devices are vulnerable to a memory protection bypass through a specific operation. A remote unauthenticated attacker with network access to port 102/tcp could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks.
Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

Score: 0.53 0.05%
Percentile: 0.76276
