#VU53663 Buffer overflow in Siemens Hardware solutions


Published: 2021-05-31

Vulnerability identifier: #VU53663

Vulnerability risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-15782

CWE-ID: CWE-119

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
SIMATIC ET 200SP Open Controller CPU 1515SP PC2
Server applications / SCADA systems
SIMATIC S7-1500 Software Controller
Server applications / SCADA systems
SIMATIC S7-PLCSIM Advanced
Server applications / SCADA systems
SIMATIC ET 200SP Open Controller CPU 1515SP PC
Hardware solutions / Other hardware appliances
SIMATIC S7-1200
Hardware solutions / Firmware
SIMATIC S7-1500 CPU
Hardware solutions / Firmware
SIMATIC Drive Controller
Hardware solutions / Firmware

Vendor: Siemens

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

SIMATIC ET 200SP Open Controller CPU 1515SP PC2: All versions

SIMATIC ET 200SP Open Controller CPU 1515SP PC: All versions

SIMATIC S7-1500 Software Controller: All versions

External links
http://cert-portal.siemens.com/productcert/pdf/ssa-434534.pdf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Remote code execution in Siemens SINAMICS PERFECT HARMONY GH180
Remote code execution in Siemens SINUMERIK ONE and SINUMERIK MC
Remote code execution in Siemens SIMATIC S7-1200 and S7-1500 CPU Families