CVE-2020-15782:
Memory Protection Bypass Vulnerability in Siemens SIMATIC and SINAMICS Products
Score
A numerical rating that indicates how dangerous this vulnerability is.
- CVSS Score: 9.8 (Critical)
- Published Date: May 28, 2021
- CISA KEV Date: No Data
- Industries Affected: 20
Threat Predictions
- EPSS Score: 0.3
- EPSS Percentile: 53%
Exploitability
- Score: 3.9
- Attack Vector: NETWORK
- Attack Complexity: LOW
- Privileges Required: NONE
- User Interaction: NONE
- Scope: UNCHANGED
Impact
- Score: 5.9
- Confidentiality Impact: HIGH
- Integrity Impact: HIGH
- Availability Impact: HIGH
Description Preview
Memory Protection Bypass Vulnerability in Siemens SIMATIC and SINAMICS Products
Overview
This vulnerability affects a wide range of Siemens industrial automation products. The issue stems from a memory protection bypass vulnerability that can be exploited through port 102/tcp (the standard S7 communication port). An unauthenticated attacker with network access to this port could potentially execute arbitrary code, modify critical system parameters, or extract sensitive information from the device. The vulnerability is particularly concerning for industrial environments as it could allow attackers to gain control over critical infrastructure systems, potentially leading to physical damage, production outages, or safety incidents. The affected products are widely used in various industrial sectors including manufacturing, energy, water treatment, and transportation.
Remediation
Users should implement the following mitigations:
1. Update affected devices to the following versions or newer:
   - SIMATIC Drive Controller family: V2.9.2
   - SIMATIC ET 200SP Open Controller CPU 1515SP PC2: V21.9
   - SIMATIC S7-1200 CPU family: V4.5.0
   - SIMATIC S7-1500 CPU family: V2.9.2
   - SIMATIC S7-1500 Software Controller: V21.9
   - SIMATIC S7-PLCSIM Advanced: V4.0
   - SINUMERIK MC and ONE: V6.15
   - SINAMICS PERFECT HARMONY GH180 Drives: contact Siemens if the drive was manufactured before 2021-08-13
2. If updates cannot be applied immediately:
   - Implement network segmentation and isolate vulnerable devices from untrusted networks
   - Use a VPN for remote access to the industrial control system network
   - Apply the principle of least privilege to network access to the devices
   - Monitor systems for suspicious activity
   - Follow the defense-in-depth security practices recommended by Siemens
3. Contact Siemens Technical Support for additional guidance specific to your installation.
References
1. Siemens Security Advisory SSA-434534: https://cert-portal.siemens.com/productcert/pdf/ssa-434534.pdf
2. Siemens Security Advisory SSA-434535: https://cert-portal.siemens.com/productcert/pdf/ssa-434535.pdf
3. Siemens Security Advisory SSA-434536: https://cert-portal.siemens.com/productcert/pdf/ssa-434536.pdf
4. Siemens ProductCERT: https://www.siemens.com/cert
5. ICS-CERT Advisory (for additional information on industrial control system security)
6. MITRE CVE-2020-15782: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15782
Industries Affected
Below is a list of industries most commonly impacted or potentially at risk based on intelligence.