Improper Restriction of Excessive Authentication Attempts in Siemens products - CVE-2020-15786
Published: September 9, 2020
Vulnerability identifier: #VU46526
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-15786
CWE-ID: CWE-307
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Siemens
Affected software:
SIMATIC HMI Basic Panels 2nd Generation
SIMATIC HMI Comfort Panels
SIMATIC HMI Mobile Panels
SIMATIC HMI Basic Panels 2nd Generation
SIMATIC HMI Comfort Panels
SIMATIC HMI Mobile Panels
Detailed vulnerability description
The vulnerability allows a remote attacker to gain access to the system.
The vulnerability exists due to the authentication mechanism has no brute-force prevention. A remote attacker can launch a brute-force authentication attack to discover user passwords and obtain access to the Sm@rt Server.
How to mitigate CVE-2020-15786
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.