CVE-2020-15796 - Vulnerability Details - OpenCVE

A vulnerability has been identified in SIMATIC ET 200SP Open Controller (incl. SIPLUS variants) (V20.8), SIMATIC S7-1500 Software Controller (V20.8). The web server of the affected products contains a vulnerability that could allow a remote attacker to trigger a denial-of-service condition by sending a specially crafted HTTP request.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Siemens	Simatic Et 200sp Open Controller Simatic Et 200sp Open Controller Firmware Simatic S7-1500 Software Controller Simatic S7-1500 Software Controller Firmware

Configuration 1 [-]

AND

cpe:2.3:o:siemens:simatic_et_200sp_open_controller_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_et_200sp_open_controller:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:siemens:simatic_s7-1500_software_controller_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1500_software_controller:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://cert-portal.siemens.com/productcert/pdf/ssa-700697.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2020-12-14T21:05:18

Updated: 2024-08-04T13:30:21.823Z

Reserved: 2020-07-15T00:00:00

Link: CVE-2020-15796

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-12-14T21:15:19.440

Modified: 2024-11-21T05:06:11.890

Link: CVE-2020-15796

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "SIMATIC ET 200SP Open Controller (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [{"status": "affected", "version": "V20.8"}]}, {"product": "SIMATIC S7-1500 Software Controller", "vendor": "Siemens", "versions": [{"status": "affected", "version": "V20.8"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SIMATIC ET 200SP Open Controller (incl. SIPLUS variants) (V20.8), SIMATIC S7-1500 Software Controller (V20.8). The web server of the affected products contains a vulnerability that could allow a remote attacker to trigger a denial-of-service condition by sending a specially crafted HTTP request."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-248", "description": "CWE-248: Uncaught Exception", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-12-14T21:05:18", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700697.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "productcert@siemens.com", "ID": "CVE-2020-15796", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SIMATIC ET 200SP Open Controller (incl. SIPLUS variants)", "version": {"version_data": [{"version_value": "V20.8"}]}}, {"product_name": "SIMATIC S7-1500 Software Controller", "version": {"version_data": [{"version_value": "V20.8"}]}}]}, "vendor_name": "Siemens"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability has been identified in SIMATIC ET 200SP Open Controller (incl. SIPLUS variants) (V20.8), SIMATIC S7-1500 Software Controller (V20.8). The web server of the affected products contains a vulnerability that could allow a remote attacker to trigger a denial-of-service condition by sending a specially crafted HTTP request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-248: Uncaught Exception"}]}]}, "references": {"reference_data": [{"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-700697.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700697.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T13:30:21.823Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700697.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2020-15796", "datePublished": "2020-12-14T21:05:18", "dateReserved": "2020-07-15T00:00:00", "dateUpdated": "2024-08-04T13:30:21.823Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_et_200sp_open_controller_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BB17DB68-B876-4238-961E-383E0CD24E66", "versionEndIncluding": "20.8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_et_200sp_open_controller:-:*:*:*:*:*:*:*", "matchCriteriaId": "A5B5313D-48E9-47F5-BF59-C71A255D9831", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_s7-1500_software_controller_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2BDF4011-5D76-4A15-9E2F-01B38685CD7B", "versionEndIncluding": "20.8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_software_controller:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE4D4D21-9868-4FA3-89A8-1EEC473383EF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SIMATIC ET 200SP Open Controller (incl. SIPLUS variants) (V20.8), SIMATIC S7-1500 Software Controller (V20.8). The web server of the affected products contains a vulnerability that could allow a remote attacker to trigger a denial-of-service condition by sending a specially crafted HTTP request."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en SIMATIC ET 200SP Open Controller (incluyendo variantes SIPLUS) (versi\u00f3n V20.8), SIMATIC S7-1500 Software Controller (versi\u00f3n V20.8). El servidor web de los productos afectados contiene una vulnerabilidad que podr\u00eda permitir a un atacante remoto desencadenar una condici\u00f3n de denegaci\u00f3n de servicio mediante el env\u00edo de una petici\u00f3n HTTP especialmente dise\u00f1ada"}], "id": "CVE-2020-15796", "lastModified": "2024-11-21T05:06:11.890", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-12-14T21:15:19.440", "references": [{"source": "productcert@siemens.com", "tags": ["Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700697.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700697.pdf"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-248"}], "source": "productcert@siemens.com", "type": "Secondary"}]}