9.8
CRITICAL CVSS 3.1
CVE-2020-15782
"Siemens Industrial Control System Memory Protection Bypass Vulnerability"
Description

A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions < V21.9), SIMATIC S7-PLCSIM Advanced (All versions < V4.0), SINAMICS PERFECT HARMONY GH180 Drives (Drives manufactured before 2021-08-13), SINUMERIK MC (All versions < V6.15), SINUMERIK ONE (All versions < V6.15). Affected devices are vulnerable to a memory protection bypass through a specific operation. A remote unauthenticated attacker with network access to port 102/tcp could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks.

INFO

Published Date: May 28, 2021, 4:15 p.m.

Last Modified: Nov. 21, 2024, 5:06 a.m.

Remotely Exploitable: Yes
Affected Products

The following products are affected by the CVE-2020-15782 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product
1 Siemens simatic_s7-1500_software_controller_firmware
2 Siemens simatic_s7-plcsim_advanced_firmware
3 Siemens simatic_s7-plcsim_advanced
4 Siemens sinumerik_one_firmware
5 Siemens simatic_driver_controller_firmware
6 Siemens s7-1200_cpu_firmware
7 Siemens s7-1500_cpu_firmware
8 Siemens simatic_s7-1500__software_controller
9 Siemens et_200sp_open_controller_firmware
10 Siemens sinumerik_mc_firmware
11 Siemens cpu_1504d_tf
12 Siemens cpu_1507d_tf
13 Siemens cpu_1211c
14 Siemens cpu_1212c
15 Siemens cpu_1212fc
16 Siemens cpu_1214c
17 Siemens cpu_1214fc
18 Siemens cpu_1215c
19 Siemens cpu_1215fc
20 Siemens cpu_1217c
21 Siemens 6es7510-1dj01-0ab0
22 Siemens 6es7510-1sj01-0ab0
23 Siemens 6es7511-1ak01-0ab0
24 Siemens 6es7511-1ak02-0ab0
25 Siemens 6es7511-1ck00-0ab0
26 Siemens 6es7511-1ck01-0ab0
27 Siemens 6es7511-1fk01-0ab0
28 Siemens 6es7511-1fk02-0ab0
29 Siemens 6es7511-1tk01-0ab0
30 Siemens 6es7511-1uk01-0ab0
31 Siemens 6es7512-1ck00-0ab0
32 Siemens 6es7512-1ck01-0ab0
33 Siemens 6es7512-1dk01-0ab0
34 Siemens 6es7512-1sk01-0ab0
35 Siemens 6es7513-1al01-0ab0
36 Siemens 6es7513-1al02-0ab0
37 Siemens 6es7513-1fl01-0ab0
38 Siemens 6es7513-1fl02-0ab0
39 Siemens 6es7513-1rl00-0ab0
40 Siemens 6es7513-2gl00-0ab0
41 Siemens 6es7513-2pl00-0ab0
42 Siemens 6es7515-2am01-0ab0
43 Siemens 6es7515-2am02-0ab0
44 Siemens 6es7515-2fm01-0ab0
45 Siemens 6es7515-2fm02-0ab0
46 Siemens 6es7515-2rm00-0ab0
47 Siemens 6es7515-2tm01-0ab0
48 Siemens 6es7515-2um01-0ab0
49 Siemens 6es7516-2gn00-0ab0
50 Siemens 6es7516-2pn00-0ab0
51 Siemens 6es7516-3an01-0ab0
52 Siemens 6es7516-3an02-0ab0
53 Siemens 6es7516-3fn01-0ab0
54 Siemens 6es7516-3fn02-0ab0
55 Siemens 6es7516-3tn00-0ab0
56 Siemens 6es7516-3un00-0ab0
57 Siemens 6es7517-3ap00-0ab0
58 Siemens 6es7517-3fp00-0ab0
59 Siemens 6es7517-3hp00-0ab0
60 Siemens 6es7517-3tp00-0ab0
61 Siemens 6es7517-3up00-0ab0
62 Siemens 6es7518-4ap00-0ab0
63 Siemens 6es7518-4ap00-3ab0
64 Siemens 6es7518-4fp00-0ab0
65 Siemens 6es7518-4fp00-3ab0
66 Siemens cpu_1515sp_pc
67 Siemens cpu_1515sp_pc2
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and display CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 2.0 HIGH [email protected]
CVSS 3.1 CRITICAL [email protected]
Public PoC/Exploit Available at Github

CVE-2020-15782 has 1 public PoC/exploit available on GitHub.

CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2020-15782 is associated with the following CWEs:

We scan GitHub repositories to detect new proof-of-concept exploits. The following list is a collection of public exploits and proofs of concept that have been published on GitHub (sorted by most recently updated).

Siemens SIMATIC vulnerabilities

Updated: 2 months, 1 week ago
22 stars, 6 forks, 6 watchers
Created: Feb. 10, 2022, 7:59 a.m. This repo has also been linked to 7 different CVEs.


The following table lists the changes that have been made to the CVE-2020-15782 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference https://cert-portal.siemens.com/productcert/pdf/ssa-434534.pdf
    Added Reference https://cert-portal.siemens.com/productcert/pdf/ssa-434535.pdf
    Added Reference https://cert-portal.siemens.com/productcert/pdf/ssa-434536.pdf
  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • CVE Modified by [email protected]

    Sep. 14, 2021

    Action Type Old Value New Value
    Changed Description
      Old Value: A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions < V4.0), SINAMICS PERFECT HARMONY GH180 Drives (All versions), SINUMERIK MC (All versions), SINUMERIK ONE (All versions). Affected devices are vulnerable to a memory protection bypass through a specific operation. A remote unauthenticated attacker with network access to port 102/tcp could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks.
      New Value: A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions < V21.9), SIMATIC S7-PLCSIM Advanced (All versions < V4.0), SINAMICS PERFECT HARMONY GH180 Drives (Drives manufactured before 2021-08-13), SINUMERIK MC (All versions < V6.15), SINUMERIK ONE (All versions < V6.15). Affected devices are vulnerable to a memory protection bypass through a specific operation. A remote unauthenticated attacker with network access to port 102/tcp could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks.
  • CVE Modified by [email protected]

    Jul. 13, 2021

    Action Type Old Value New Value
    Changed Description
      Old Value: A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions < V4.0), SINAMICS PERFECT HARMONY GH180 Drives (All versions), SINUMERIK MC (All versions), SINUMERIK ONE (All versions). Affected devices are vulnerable to a memory protection bypass through a specific operation. A remote unauthenticated attacker with network access to port 102/tcp could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks.
      New Value: A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions < V4.0), SINAMICS PERFECT HARMONY GH180 Drives (All versions), SINUMERIK MC (All versions), SINUMERIK ONE (All versions). Affected devices are vulnerable to a memory protection bypass through a specific operation. A remote unauthenticated attacker with network access to port 102/tcp could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks.
  • CVE Modified by [email protected]

    Jul. 13, 2021

    Action Type Old Value New Value
    Changed Description
      Old Value: A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions < V4.0). Affected devices are vulnerable to a memory protection bypass through a specific operation. A remote unauthenticated attacker with network access to port 102/tcp could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks.
      New Value: A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions < V4.0), SINAMICS PERFECT HARMONY GH180 Drives (All versions), SINUMERIK MC (All versions), SINUMERIK ONE (All versions). Affected devices are vulnerable to a memory protection bypass through a specific operation. A remote unauthenticated attacker with network access to port 102/tcp could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks.
    Added Reference https://cert-portal.siemens.com/productcert/pdf/ssa-434536.pdf [No Types Assigned]
    Added Reference https://cert-portal.siemens.com/productcert/pdf/ssa-434535.pdf [No Types Assigned]
  • Initial Analysis by [email protected]

    Jun. 10, 2021

    Action Type Old Value New Value
    Added CVSS V2 NIST (AV:N/AC:L/Au:N/C:P/I:P/A:P)
    Added CVSS V3.1 NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type https://cert-portal.siemens.com/productcert/pdf/ssa-434534.pdf No Types Assigned https://cert-portal.siemens.com/productcert/pdf/ssa-434534.pdf Patch, Vendor Advisory
  • CVE Modified by [email protected]

    May. 28, 2021

    Action Type Old Value New Value
    Changed Description
      Old Value: A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions < V4.0). Affected devices are vulnerable to a memory protection bypass through a specific operation. A remote unauthenticated attacker with network access to port 102/tcp could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks.
      New Value: A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions < V4.0). Affected devices are vulnerable to a memory protection bypass through a specific operation. A remote unauthenticated attacker with network access to port 102/tcp could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks.
Vulnerability Scoring Details
Base CVSS Score: 9.8 (CVSS 3.1)
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High
Base CVSS Score: 7.5 (CVSS 2.0)
Access Vector: Network
Access Complexity: Low
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: Partial
Availability Impact: Partial
Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

Score: 0.41 (-0.28%)

Percentile: 0.58520