
Siemens has not identified any additional specific mitigations or workarounds for this vulnerability.
Simatic s7 plcsim advanced update
SIPLUS NET variants): Update to v2.2 or later
Simatic s7 plcsim advanced software
SIMATIC S7-1500 Software Controller: Update to v21.9 or later version.
related ET200 CPUs and SIPLUS variants): Update to v2.9.2 or later
SIPLUS variants): Update to v4.4.1 or later
SIMATIC S7 PLCSIM Advanced: Update to v4 or later.
SIPLUS variants): Update to v21.9 or later
SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl.
SIMATIC Drive Controller family: Update to v2.9.2 or later.
Siemens recommends users update to the latest software version:

Siemens reported this vulnerability to CISA.

CRITICAL INFRASTRUCTURE SECTORS: Multiple.

A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

The affected products are vulnerable to an incorrect authorization check, allowing an attacker to extract information about access-protected PLC program variables when simultaneously reading multiple attributes.

CVE-2020-28397 has been assigned to this vulnerability.

SIPLUS NET variants): Version 2.1

3.2 VULNERABILITY OVERVIEW
3.2.1 INCORRECT AUTHORIZATION CWE-863

SIMATIC S7-1500 Software Controller: All versions higher than v2.5.
related ET200 CPUs and SIPLUS variants): All versions higher than v2.5 and prior to v2.9.2
SIMATIC S7 PLCSIM Advanced: All versions higher than v2 and prior to v4.
SIPLUS variants): All versions prior to v21.9
SIMATIC Drive Controller family: All versions prior to v2.9.2.
The following Siemens products are affected:

Successful exploitation of this vulnerability allows an unauthenticated attacker to read PLC variables from affected devices without proper authentication under certain circumstances.

ATTENTION: Exploitable remotely/low attack complexity.