Vulnerability Change Records for CVE-2020-15786

Change History

Reanalysis 9/17/2020 12:28:28 PM

Action Type Old Value New Value
Added CVSS V2

								
							
							
						
NIST (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Removed CVSS V2
NIST (AV:N/AC:L/Au:N/C:P/I:P/A:P)

								
						

Initial Analysis 9/14/2020 4:47:33 PM

Action Type Old Value New Value
Added CPE Configuration

								
							
							
						
AND
     OR
          *cpe:2.3:o:siemens:simatic_hmi_basic_panels_2nd_generation_firmware:*:*:*:*:*:*:*:* versions up to (including) 14
     OR
          cpe:2.3:h:siemens:simatic_hmi_basic_panels_2nd_generation:-:*:*:*:*:*:*:*
Added CPE Configuration

								
							
							
						
AND
     OR
          *cpe:2.3:o:siemens:simatic_hmi_comfort_panels_firmware:*:*:*:*:*:*:*:*
     OR
          cpe:2.3:h:siemens:simatic_hmi_comfort_panels:-:*:*:*:*:*:*:*
Added CPE Configuration

								
							
							
						
AND
     OR
          *cpe:2.3:o:siemens:simatic_hmi_mobile_panels_firmware:*:*:*:*:*:*:*:*
     OR
          cpe:2.3:h:siemens:simatic_hmi_mobile_panels:-:*:*:*:*:*:*:*
Added CPE Configuration

								
							
							
						
AND
     OR
          *cpe:2.3:o:siemens:simatic_hmi_united_comfort_panels_firmware:*:*:*:*:*:*:*:*
     OR
          cpe:2.3:h:siemens:simatic_hmi_united_comfort_panels:-:*:*:*:*:*:*:*
Added CVSS V2

								
							
							
						
NIST (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Added CVSS V3.1

								
							
							
						
NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Added CWE

								
							
							
						
NIST CWE-307
Changed Reference Type
https://cert-portal.siemens.com/productcert/pdf/ssa-542525.pdf No Types Assigned
https://cert-portal.siemens.com/productcert/pdf/ssa-542525.pdf Vendor Advisory

CVE Modified by Siemens AG 12/14/2020 4:15:18 PM

Action Type Old Value New Value
Changed Description
A vulnerability has been identified in SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions >= 14 and V < XX), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC HMI Mobile Panels (All versions), SIMATIC HMI United Comfort Panels (All versions). Affected devices insufficiently block excessive authentication attempts. This could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack.
A vulnerability has been identified in SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions >= V14), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC HMI Mobile Panels (All versions), SIMATIC HMI Unified Comfort Panels (All versions). Affected devices insufficiently block excessive authentication attempts.

This could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack.

CVE Modified by Siemens AG 12/14/2020 5:15:14 PM

Action Type Old Value New Value
Changed Description
A vulnerability has been identified in SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions >= V14), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC HMI Mobile Panels (All versions), SIMATIC HMI Unified Comfort Panels (All versions). Affected devices insufficiently block excessive authentication attempts.

This could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack.
A vulnerability has been identified in SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions >= V14), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC HMI Mobile Panels (All versions), SIMATIC HMI Unified Comfort Panels (All versions). Affected devices insufficiently block excessive authentication attempts. This could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack.