#VU50271 Missing Authentication for Critical Function in Siemens products - CVE-2020-15798
Published: February 3, 2021 / Updated: May 13, 2021
Vulnerability identifier: #VU50271
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2020-15798
CWE-ID: CWE-306
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
SINAMICS SM150i
SINAMICS SM150
SINAMICS SM120
SINAMICS SL150
SINAMICS SH150
SINAMICS GM150
SINAMICS GL150
SINAMICS GH150
SIMATIC HMI Comfort Panels
SIMATIC HMI KTP Mobile Panels
Software vendor:
Siemens
Description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists because affected devices with the Telnet service enabled do not require authentication for this service. A remote attacker can gain full access to the device.
Remediation
Install updates from the vendor's website.