Main Vulnerability Database Vulnerabilities #VU29926

#VU29926 Cleartext transmission of sensitive information in Siemens products - CVE-2020-7592

Published: July 15, 2020 / Updated: July 15, 2020

Vulnerability identifier: #VU29926

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green

CVE-ID: CVE-2020-7592

CWE-ID: CWE-319

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
SIMATIC HMI KTP700F
SIMATIC WinCC Runtime Advanced
SIMATIC HMI Basic Panels 1st Generation
SIMATIC HMI Basic Panels 2nd Generation
SIMATIC HMI Comfort Panels
SIMATIC HMI Mobile Panels 2nd Generation

Software vendor:
Siemens

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to software uses insecure communication channel to transmit sensitive information. A remote attacker with ability to intercept network traffic can gain access to sensitive data.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://cert-portal.siemens.com/productcert/pdf/ssa-364335.pdf

#VU29926 Cleartext transmission of sensitive information in Siemens products - CVE-2020-7592

Description

Remediation

External links

Please verify you're human